diff --git a/mozilla/security/manager/locales/en-US/chrome/pippki/certManager.dtd b/mozilla/security/manager/locales/en-US/chrome/pippki/certManager.dtd
index 5af23acf72a..366c92564fa 100644
--- a/mozilla/security/manager/locales/en-US/chrome/pippki/certManager.dtd
+++ b/mozilla/security/manager/locales/en-US/chrome/pippki/certManager.dtd
@@ -38,17 +38,17 @@
 <!ENTITY certmgr.title                       "Certificate Manager">
 
 <!ENTITY certmgr.tab.mine                     "Your Certificates">
-<!ENTITY certmgr.tab.others2                  "People">
+<!ENTITY certmgr.tab.others                   "Other People's">
 <!ENTITY certmgr.tab.websites3                "Servers">
 <!ENTITY certmgr.tab.ca                       "Authorities">
-<!ENTITY certmgr.tab.orphan2                  "Others">
+<!ENTITY certmgr.tab.orphan                   "Extra">
 
 <!ENTITY certmgr.ca.builtins                  "Built-in CAs">
 <!ENTITY certmgr.ca.mycas                     "CAs Managed By You">
 
 <!ENTITY certmgr.mine                         "You have certificates from these organizations that identify you:">
 <!ENTITY certmgr.others                       "You have certificates on file that identify these people:">
-<!ENTITY certmgr.websites2                    "You have certificates on file that identify these servers:">
+<!ENTITY certmgr.websites                     "You have certificates on file that identify these web sites:">
 <!ENTITY certmgr.cas                          "You have certificates on file that identify these certificate authorities:">
 <!ENTITY certmgr.orphans                      "You have certificates on file that do not fit in any of the other categories:">
 
diff --git a/mozilla/security/manager/pki/resources/content/WebSitesOverlay.xul b/mozilla/security/manager/pki/resources/content/WebSitesOverlay.xul
index 92edf9f4ddf..cbe7e1b813a 100644
--- a/mozilla/security/manager/pki/resources/content/WebSitesOverlay.xul
+++ b/mozilla/security/manager/pki/resources/content/WebSitesOverlay.xul
@@ -48,7 +48,7 @@
          xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
 
   <vbox id="webCerts">
-    <description>&certmgr.websites2;</description>
+    <description>&certmgr.websites;</description>
     <separator class="thin"/>
     <tree id="server-tree" flex="1" enableColumnDrag="true"
               onselect="websites_enableButtons()">
diff --git a/mozilla/security/manager/pki/resources/content/certManager.xul b/mozilla/security/manager/pki/resources/content/certManager.xul
index 5cac62352c3..fbe1cdd0150 100644
--- a/mozilla/security/manager/pki/resources/content/certManager.xul
+++ b/mozilla/security/manager/pki/resources/content/certManager.xul
@@ -64,11 +64,11 @@
     <tabbox id="certmanagertabs" flex="1" style="margin:5px" persist="selectedIndex">
       <tabs id="certMgrTabbox">
         <tab id="mine_tab" label="&certmgr.tab.mine;"/>
-        <tab id="others_tab" label="&certmgr.tab.others2;"/>
+        <tab id="others_tab" label="&certmgr.tab.others;"/>
         <tab id="websites_tab" label="&certmgr.tab.websites3;"/>
         <!-- FIXME Add selected="true" to ca_tab when 373525 gets fixed. -->
         <tab id="ca_tab" label="&certmgr.tab.ca;"/>
-        <tab id="orphan_tab" label="&certmgr.tab.orphan2;"/>
+        <tab id="orphan_tab" label="&certmgr.tab.orphan;"/>
       </tabs>
       <tabpanels flex="1">
         <vbox id="myCerts" flex="1"/>
diff --git a/mozilla/security/manager/pki/resources/content/exceptionDialog.js b/mozilla/security/manager/pki/resources/content/exceptionDialog.js
index bd8d45168cf..3340eae4c91 100644
--- a/mozilla/security/manager/pki/resources/content/exceptionDialog.js
+++ b/mozilla/security/manager/pki/resources/content/exceptionDialog.js
@@ -83,32 +83,6 @@ function initExceptionDialog() {
   gDialog.getButton("extra1").disabled = true;
 }
 
-// returns true if found and global status could be set
-function findRecentBadCert(uri) {
-  try {
-    var recentCertsSvc = Components.classes["@mozilla.org/security/recentbadcerts;1"]
-                         .getService(Components.interfaces.nsIRecentBadCertsService);
-    if (!recentCertsSvc)
-      return false;
-
-    var hostWithPort = uri.host + ":" + uri.port;
-    gSSLStatus = recentCertsSvc.getRecentBadCert(hostWithPort);
-    if (!gSSLStatus)
-      return false;
-
-    gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
-    if (!gCert)
-      return false;
-
-    gBroken = true;
-  }
-  catch (e) {
-    return false;
-  }
-  updateCertStatus();  
-  return true;
-}
-
 /**
  * Attempt to download the certificate for the location specified, and populate
  * the Certificate Status section with the result.
@@ -121,13 +95,8 @@ function checkCert() {
   gBroken = false;
   updateCertStatus();
 
-  var uri = getURI();
-
-  // Is the cert already known in the list of recently seen bad certs?
-  if (findRecentBadCert(uri) == true)
-    return;
-
   var req = new XMLHttpRequest();
+  var uri = getURI();
   try {
     if(uri) {
       req.open('GET', uri.prePath, false);
diff --git a/mozilla/security/manager/ssl/public/Makefile.in b/mozilla/security/manager/ssl/public/Makefile.in
index e07f0bd06d9..109bbb3f248 100644
--- a/mozilla/security/manager/ssl/public/Makefile.in
+++ b/mozilla/security/manager/ssl/public/Makefile.in
@@ -62,7 +62,6 @@ SDK_XPIDLSRCS = \
 
 XPIDLSRCS = \
     nsICertOverrideService.idl \
-    nsIRecentBadCertsService.idl \
     nsIFormSigningDialog.idl \
     nsIX509Cert2.idl \
     nsIX509Cert3.idl \
diff --git a/mozilla/security/manager/ssl/public/nsIRecentBadCertsService.idl b/mozilla/security/manager/ssl/public/nsIRecentBadCertsService.idl
index c51afe23e7e..e69de29bb2d 100644
--- a/mozilla/security/manager/ssl/public/nsIRecentBadCertsService.idl
+++ b/mozilla/security/manager/ssl/public/nsIRecentBadCertsService.idl
@@ -1,79 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2006
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Kai Engert <kengert@redhat.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nsISupports.idl"
-
-interface nsIArray;
-interface nsIX509Cert;
-interface nsISSLStatus;
-
-%{C++
-#define NS_RECENTBADCERTS_CONTRACTID "@mozilla.org/security/recentbadcerts;1"
-%}
-
-/**
- * This represents a global list of recently seen bad ssl status
- * including the bad cert.
- * The implementation will decide how many entries it will hold,
- * the number is expected to be small.
- */
-[scriptable, uuid(a5ae8b05-a76e-408f-b0ba-02a831265749)]
-interface nsIRecentBadCertsService : nsISupports {
-
-  /**
-   *  Retrieve the recently seen bad ssl status for the given hostname:port.
-   *  If no SSL cert was recently seen for the given hostname:port, return null.
-   *  If a good cert was seen for the given hostname:port, return null.
-   *
-   *  @param aHostNameWithPort The host:port whose entry should be tested
-   *  @return null or a recently seen bad ssl status with cert
-   */
-  nsISSLStatus getRecentBadCert(in AString aHostNameWithPort);
-
-  /**
-   *  A bad certificate that should be remembered by the service.
-   *  Will be added as the most recently seen cert.
-   *  The service may forget older entries to make room for the new one.
-   *
-   *  @param aHostNameWithPort The host:port whose entry should be tested
-   *  @param aCert The bad ssl status with certificate
-   */
-  void addBadCert(in AString aHostNameWithPort,
-                  in nsISSLStatus aStatus);
-};
diff --git a/mozilla/security/manager/ssl/src/Makefile.in b/mozilla/security/manager/ssl/src/Makefile.in
index 93af7e008ae..6d17425278f 100644
--- a/mozilla/security/manager/ssl/src/Makefile.in
+++ b/mozilla/security/manager/ssl/src/Makefile.in
@@ -59,7 +59,6 @@ PACKAGE_FILE = pipnss.pkg
 CPPSRCS = 				\
 	nsNSSCleaner.cpp                \
 	nsCertOverrideService.cpp   \
-	nsRecentBadCerts.cpp \
 	nsPSMBackgroundThread.cpp       \
 	nsSSLThread.cpp                 \
 	nsCertVerificationThread.cpp    \
diff --git a/mozilla/security/manager/ssl/src/nsCertTree.cpp b/mozilla/security/manager/ssl/src/nsCertTree.cpp
index e1232f68990..98254af7167 100644
--- a/mozilla/security/manager/ssl/src/nsCertTree.cpp
+++ b/mozilla/security/manager/ssl/src/nsCertTree.cpp
@@ -291,11 +291,11 @@ nsCertTree::GetThreadDescAtIndex(PRInt32 index)
 //  GetCertAtIndex
 //
 //  If the row at index is a cert, return that cert.  Otherwise, return null.
-already_AddRefed<nsIX509Cert>
+nsIX509Cert *
 nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
 {
   nsRefPtr<nsCertTreeDispInfo> certdi =
-    GetDispInfoAtIndex(index, outAbsoluteCertOffset);
+    getter_AddRefs(GetDispInfoAtIndex(index, outAbsoluteCertOffset));
   if (!certdi)
     return nsnull;
 
@@ -308,7 +308,7 @@ nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
 }
 
 //  If the row at index is a cert, return that cert.  Otherwise, return null.
-already_AddRefed<nsCertTreeDispInfo>
+nsCertTreeDispInfo *
 nsCertTree::GetDispInfoAtIndex(PRInt32 index, 
                                PRInt32 *outAbsoluteCertOffset)
 {
@@ -606,6 +606,7 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
         certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
         // not necessary: certdi->mHostWithPort.Clear();
         certdi->mOverrideBits = nsCertOverride::ob_None;
+        NS_IF_ADDREF(certdi);
         mDispInfo.InsertElementAt(InsertPosition, certdi);
         ++count;
         ++InsertPosition;
@@ -833,7 +834,10 @@ nsCertTree::DeleteEntryObject(PRUint32 index)
         }
       }
 
+      nsCertTreeDispInfo *certdi2 = mDispInfo.ElementAt(certIndex);
       mDispInfo.RemoveElementAt(certIndex);
+      NS_IF_RELEASE(certdi2);
+      certdi2 = 0;
 
       if (canRemoveEntry) {
         RemoveCacheEntry(cert);
@@ -864,7 +868,7 @@ NS_IMETHODIMP
 nsCertTree::GetCert(PRUint32 aIndex, nsIX509Cert **_cert)
 {
   NS_ENSURE_ARG(_cert);
-  *_cert = GetCertAtIndex(aIndex).get();
+  *_cert = GetCertAtIndex(aIndex);
   return NS_OK;
 }
 
@@ -874,7 +878,7 @@ nsCertTree::GetTreeItem(PRUint32 aIndex, nsICertTreeItem **_treeitem)
   NS_ENSURE_ARG(_treeitem);
 
   nsRefPtr<nsCertTreeDispInfo> certdi = 
-    GetDispInfoAtIndex(aIndex);
+    getter_AddRefs(GetDispInfoAtIndex(aIndex));
   if (!certdi)
     return NS_ERROR_FAILURE;
 
@@ -889,7 +893,7 @@ nsCertTree::IsHostPortOverride(PRUint32 aIndex, PRBool *_retval)
   NS_ENSURE_ARG(_retval);
 
   nsRefPtr<nsCertTreeDispInfo> certdi = 
-    GetDispInfoAtIndex(aIndex);
+    getter_AddRefs(GetDispInfoAtIndex(aIndex));
   if (!certdi)
     return NS_ERROR_FAILURE;
 
@@ -1110,7 +1114,7 @@ nsCertTree::GetCellText(PRInt32 row, nsITreeColumn* col,
 
   PRInt32 absoluteCertOffset;
   nsRefPtr<nsCertTreeDispInfo> certdi = 
-    GetDispInfoAtIndex(row, &absoluteCertOffset);
+    getter_AddRefs(GetDispInfoAtIndex(row, &absoluteCertOffset));
   if (!certdi)
     return NS_ERROR_FAILURE;
 
@@ -1392,7 +1396,7 @@ nsCertTree::dumpMap()
       nsAutoString td(el->orgName);
       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
     }
-    nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
+    nsCOMPtr<nsIX509Cert> ct = getter_AddRefs(GetCertAtIndex(i));
     if (ct != nsnull) {
       PRUnichar *goo;
       ct->GetCommonName(&goo);
diff --git a/mozilla/security/manager/ssl/src/nsCertTree.h b/mozilla/security/manager/ssl/src/nsCertTree.h
index 1c52edf8bbd..41b56d2bdc6 100644
--- a/mozilla/security/manager/ssl/src/nsCertTree.h
+++ b/mozilla/security/manager/ssl/src/nsCertTree.h
@@ -154,10 +154,9 @@ private:
   nsCOMPtr<nsICertOverrideService> mOverrideService;
 
   treeArrayEl *GetThreadDescAtIndex(PRInt32 _index);
-  already_AddRefed<nsIX509Cert> 
-    GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
-  already_AddRefed<nsCertTreeDispInfo> 
-    GetDispInfoAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset = nsnull);
+  nsIX509Cert *GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
+  nsCertTreeDispInfo *GetDispInfoAtIndex(PRInt32 index,  
+                                         PRInt32 *outAbsoluteCertOffset = nsnull);
   void FreeCertArray();
   nsresult UpdateUIContents();
 
diff --git a/mozilla/security/manager/ssl/src/nsKeygenHandler.cpp b/mozilla/security/manager/ssl/src/nsKeygenHandler.cpp
index f63cd14975a..c15f7c701d6 100644
--- a/mozilla/security/manager/ssl/src/nsKeygenHandler.cpp
+++ b/mozilla/security/manager/ssl/src/nsKeygenHandler.cpp
@@ -478,7 +478,7 @@ GetSlotWithMechanism(PRUint32 aMechanism,
         rv = NS_ERROR_NOT_AVAILABLE;
       }
       else {
-        rv = dialogs->ChooseToken(m_ctx, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
+    		rv = dialogs->ChooseToken(nsnull, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
       }
     }
 		NS_RELEASE(dialogs);
diff --git a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
index 3129fc5b26e..85c5e4d4626 100644
--- a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -837,17 +837,17 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
           // the code that cares for displaying page info does this already.
           continue;
         }
-
+        
         // We have found a signer cert that we want to remember.
-        nsCAutoString nickname;
-        nickname = nsNSSCertificate::defaultServerNickname(node->cert);
-        if (!nickname.IsEmpty()) {
-          PK11SlotInfo *slot = PK11_GetInternalKeySlot();
-          if (slot) {
-            PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE, 
-                            const_cast<char*>(nickname.get()), PR_FALSE);
-            PK11_FreeSlot(slot);
-          }
+
+        if (!nssComponent) {
+          // delay getting the service until we really need it
+          nsresult rv;
+          nssComponent = do_GetService(kNSSComponentCID, &rv);
+        }
+        
+        if (nssComponent) {
+          nssComponent->RememberCert(node->cert);
         }
       }
 
diff --git a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp
index ecf4f63b51a..465ae5a9874 100644
--- a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -60,7 +60,6 @@
 #include "nsIClientAuthDialogs.h"
 #include "nsICertOverrideService.h"
 #include "nsIBadCertListener2.h"
-#include "nsRecentBadCerts.h"
 
 #include "nsXPIDLString.h"
 #include "nsReadableUtils.h"
@@ -2343,8 +2342,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
   nsCString hostWithPortString = hostString;
   hostWithPortString.AppendLiteral(":");
   hostWithPortString.AppendInt(port);
-
-  NS_ConvertUTF8toUTF16 hostWithPortStringUTF16(hostWithPortString);
+  
 
   // Check the name field against the desired hostname.
   if (hostname && hostname[0] &&
@@ -2446,7 +2444,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
   {
     PRBool haveStoredOverride;
   
-    nsrv = overrideService->HasMatchingOverride(hostWithPortStringUTF16,
+    nsrv = overrideService->HasMatchingOverride(NS_ConvertUTF8toUTF16(hostWithPortString), 
                                                 ix509, 
                                                 &storedOverrideBits, 
                                                 &haveStoredOverride);
@@ -2489,13 +2487,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
     }
   }
 
-  nsCOMPtr<nsIRecentBadCertsService> recentBadCertsService = 
-    do_GetService(NS_RECENTBADCERTS_CONTRACTID);
-
-  if (recentBadCertsService) {
-    recentBadCertsService->AddBadCert(hostWithPortStringUTF16, status);
-  }
-
   PR_SetError(errorCodeToReport, 0);
   if (!suppressMessage) {
     nsHandleInvalidCertError(infoObject,
@@ -2505,7 +2496,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
                              errorCodeToReport, 
                              ix509);
   }
-
   return cancel_and_failure(infoObject);
 }
 
diff --git a/mozilla/security/manager/ssl/src/nsNSSModule.cpp b/mozilla/security/manager/ssl/src/nsNSSModule.cpp
index d6e71043078..f5042afd0e4 100644
--- a/mozilla/security/manager/ssl/src/nsNSSModule.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSModule.cpp
@@ -24,7 +24,6 @@
  *   Hubbie Shaw
  *   Doug Turner <dougt@netscape.com>
  *   Brian Ryner <bryner@brianryner.com>
- *   Kai Engert <kengert@redhat.com>
  *
  * Alternatively, the contents of this file may be used under the terms of
  * either the GNU General Public License Version 2 or later (the "GPL"), or
@@ -75,7 +74,6 @@
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsRandomGenerator.h"
-#include "nsRecentBadCerts.h"
 
 // We must ensure that the nsNSSComponent has been loaded before
 // creating any other components.
@@ -198,7 +196,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsDataSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsCertOverrideService, Init)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsRandomGenerator)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsRecentBadCertsService, Init)
 
 static NS_METHOD RegisterPSMContentListeners(
                       nsIComponentManager *aCompMgr,
@@ -475,13 +472,6 @@ static const nsModuleComponentInfo components[] =
     NS_RANDOMGENERATOR_CID,
     NS_RANDOMGENERATOR_CONTRACTID,
     nsRandomGeneratorConstructor
-  },
-
-  {
-    "PSM Recent Bad Certs Service",
-    NS_RECENTBADCERTS_CID,
-    NS_RECENTBADCERTS_CONTRACTID,
-    nsRecentBadCertsServiceConstructor
   }
 };
 
diff --git a/mozilla/security/manager/ssl/src/nsRecentBadCerts.cpp b/mozilla/security/manager/ssl/src/nsRecentBadCerts.cpp
index e9a47d5adad..e69de29bb2d 100644
--- a/mozilla/security/manager/ssl/src/nsRecentBadCerts.cpp
+++ b/mozilla/security/manager/ssl/src/nsRecentBadCerts.cpp
@@ -1,190 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2006
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Kai Engert <kengert@redhat.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nsRecentBadCerts.h"
-#include "nsIX509Cert.h"
-#include "nsSSLStatus.h"
-#include "nsCOMPtr.h"
-#include "nsNSSCertificate.h"
-#include "nsCRT.h"
-#include "nsPromiseFlatString.h"
-#include "nsStringBuffer.h"
-#include "nsAutoLock.h"
-#include "nsAutoPtr.h"
-#include "nspr.h"
-#include "pk11pub.h"
-#include "certdb.h"
-#include "sechash.h"
-
-#include "nsNSSCleaner.h"
-NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
-
-NS_IMPL_THREADSAFE_ISUPPORTS1(nsRecentBadCertsService, 
-                              nsIRecentBadCertsService)
-
-nsRecentBadCertsService::nsRecentBadCertsService()
-:mNextStorePosition(0)
-{
-  monitor = PR_NewMonitor();
-}
-
-nsRecentBadCertsService::~nsRecentBadCertsService()
-{
-  if (monitor)
-    PR_DestroyMonitor(monitor);
-}
-
-nsresult
-nsRecentBadCertsService::Init()
-{
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort, 
-                                          nsISSLStatus **aStatus)
-{
-  NS_ENSURE_ARG_POINTER(aStatus);
-  if (!aHostNameWithPort.Length())
-    return NS_ERROR_INVALID_ARG;
-
-  *aStatus = nsnull;
-  nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
-  if (!status)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  SECItem foundDER;
-  foundDER.len = 0;
-  foundDER.data = nsnull;
-
-  PRBool isDomainMismatch;
-  PRBool isNotValidAtThisTime;
-  PRBool isUntrusted;
-
-  {
-    nsAutoMonitor lock(monitor);
-    for (size_t i=0; i<const_recently_seen_list_size; ++i) {
-      if (mCerts[i].mHostWithPort.Equals(aHostNameWithPort)) {
-        SECStatus srv = SECITEM_CopyItem(nsnull, &foundDER, &mCerts[i].mDERCert);
-        if (srv != SECSuccess)
-          return NS_ERROR_OUT_OF_MEMORY;
-
-        isDomainMismatch = mCerts[i].isDomainMismatch;
-        isNotValidAtThisTime = mCerts[i].isNotValidAtThisTime;
-        isUntrusted = mCerts[i].isUntrusted;
-      }
-    }
-  }
-
-  if (foundDER.len) {
-    CERTCertificate *nssCert;
-    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
-    nssCert = CERT_FindCertByDERCert(certdb, &foundDER);
-    if (!nssCert) 
-      nssCert = CERT_NewTempCertificate(certdb, &foundDER,
-                                        nsnull, // no nickname
-                                        PR_FALSE, // not perm
-                                        PR_TRUE); // copy der
-
-    SECITEM_FreeItem(&foundDER, PR_FALSE);
-
-    if (!nssCert)
-      return NS_ERROR_FAILURE;
-
-    status->mServerCert = new nsNSSCertificate(nssCert);
-    CERT_DestroyCertificate(nssCert);
-
-    status->mHaveCertStatus = PR_TRUE;
-    status->mIsDomainMismatch = isDomainMismatch;
-    status->mIsNotValidAtThisTime = isNotValidAtThisTime;
-    status->mIsUntrusted = isUntrusted;
-
-    *aStatus = status;
-    NS_IF_ADDREF(*aStatus);
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsRecentBadCertsService::AddBadCert(const nsAString &hostWithPort, 
-                                    nsISSLStatus *aStatus)
-{
-  NS_ENSURE_ARG(aStatus);
-
-  nsCOMPtr<nsIX509Cert> cert;
-  nsresult rv;
-  rv = aStatus->GetServerCert(getter_AddRefs(cert));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  PRBool isDomainMismatch;
-  PRBool isNotValidAtThisTime;
-  PRBool isUntrusted;
-
-  rv = aStatus->GetIsDomainMismatch(&isDomainMismatch);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = aStatus->GetIsNotValidAtThisTime(&isNotValidAtThisTime);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = aStatus->GetIsUntrusted(&isUntrusted);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  SECItem tempItem;
-  rv = cert->GetRawDER(&tempItem.len, (PRUint8 **)&tempItem.data);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  {
-    nsAutoMonitor lock(monitor);
-    RecentBadCert &updatedEntry = mCerts[mNextStorePosition];
-
-    ++mNextStorePosition;
-    if (mNextStorePosition == const_recently_seen_list_size)
-      mNextStorePosition = 0;
-
-    updatedEntry.Clear();
-    updatedEntry.mHostWithPort = hostWithPort;
-    updatedEntry.mDERCert = tempItem; // consume
-    updatedEntry.isDomainMismatch = isDomainMismatch;
-    updatedEntry.isNotValidAtThisTime = isNotValidAtThisTime;
-    updatedEntry.isUntrusted = isUntrusted;
-  }
-
-  return NS_OK;
-}
diff --git a/mozilla/security/manager/ssl/src/nsRecentBadCerts.h b/mozilla/security/manager/ssl/src/nsRecentBadCerts.h
index 13fe6685fda..e69de29bb2d 100644
--- a/mozilla/security/manager/ssl/src/nsRecentBadCerts.h
+++ b/mozilla/security/manager/ssl/src/nsRecentBadCerts.h
@@ -1,124 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2006
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Kai Engert <kengert@redhat.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef __RECENTBADCERTS_H__
-#define __RECENTBADCERTS_H__
-
-#include "nsIRecentBadCertsService.h"
-#include "nsTHashtable.h"
-#include "nsString.h"
-#include "prmon.h"
-#include "secitem.h"
-
-class RecentBadCert
-{
-public:
-
-  RecentBadCert()
-  {
-    mDERCert.len = 0;
-    mDERCert.data = nsnull;
-    isDomainMismatch = PR_FALSE;
-    isNotValidAtThisTime = PR_FALSE;
-    isUntrusted = PR_FALSE;
-  }
-
-  ~RecentBadCert()
-  {
-    Clear();
-  }
-
-  void Clear()
-  {
-    mHostWithPort.Truncate();
-    if (mDERCert.len)
-      nsMemory::Free(mDERCert.data);
-    mDERCert.len = 0;
-    mDERCert.data = nsnull;
-  }
-
-  nsString mHostWithPort;
-  SECItem mDERCert;
-  PRBool isDomainMismatch;
-  PRBool isNotValidAtThisTime;
-  PRBool isUntrusted;
-
-private:
-  RecentBadCert(const RecentBadCert &other)
-  {
-    NS_NOTREACHED("RecentBadCert(const RecentBadCert &other) not implemented");
-    this->operator=(other);
-  }
-
-  RecentBadCert &operator=(const RecentBadCert &other)
-  {
-    NS_NOTREACHED("RecentBadCert &operator=(const RecentBadCert &other) not implemented");
-    return *this;
-  }
-};
-
-class nsRecentBadCertsService : public nsIRecentBadCertsService
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIRECENTBADCERTSSERVICE
-
-  nsRecentBadCertsService();
-  ~nsRecentBadCertsService();
-
-  nsresult Init();
-
-protected:
-    PRMonitor *monitor;
-
-    enum {const_recently_seen_list_size = 5};
-    RecentBadCert mCerts[const_recently_seen_list_size];
-
-    // will be in the range of 0 to list_size-1
-    PRUint32 mNextStorePosition;
-};
-
-#define NS_RECENTBADCERTS_CID { /* e7caf8c0-3570-47fe-aa1b-da47539b5d07 */ \
-    0xe7caf8c0,                                                        \
-    0x3570,                                                            \
-    0x47fe,                                                            \
-    {0xaa, 0x1b, 0xda, 0x47, 0x53, 0x9b, 0x5d, 0x07}                   \
-  }
-
-#endif