Interface nsINSSComponentType

Test utility for adding an intermediate certificate to the current set of imported enterprise intermediates, if any. Additions to the set made using this function will be cleared when the value of the preference "security.enterprise_roots.enabled" changes.

For clearing both SSL internal and external session cache from JS.

For performance reasons, the builtin roots module is loaded on a background thread. When any code that depends on the builtin roots module runs, it must first wait for the module to be loaded.

In theory a token on a PKCS#11 module can be inserted or removed at any time. Operations that may depend on resources on external tokens should call this to ensure they have a recent view of the token.

For clearing both SSL internal and external session cache from JS. WARNING: May be racy when using the socket process.

Returns an already-adrefed handle to the currently configured shared certificate verifier.

Returns true if the user has a PKCS#11 module with removable slots.

Returns true if the user has any client authentication certificates.

Used to determine if the given certificate (represented as an array of bytes) is the certificate we use in tests to simulate a built-in root certificate. Returns false in non-debug builds.

Used to potentially detect when a user's internet connection is being intercepted. When doing an update ping, if certificate verification fails, we make a note of the issuer distinguished name of that certificate. If a subsequent certificate verification fails, we compare issuer distinguished names. If they match, something may be intercepting the user's traffic (if they don't match, the server is likely misconfigured). This function succeeds if the given DN matches the noted DN and fails otherwise (e.g. if the update ping never failed).

When we log out of a PKCS#11 token, any TLS connections that may have involved a client certificate stored on that token must be closed. Since we don't have a fine-grained way to do this, we basically cancel everything. More speficially, this clears all temporary certificate exception overrides and any remembered client authentication certificate decisions, and then cancels all network connections (strictly speaking, this last part is overzealous - we only need to cancel all https connections (see bug 1446645)).