+++ This bug was initially created as a clone of Bug #867473 +++ +++ This bug was initially created as a clone of Bug #867432 +++ +++ This bug was initially created as a clone of Bug #775698 +++ Certificate validation does disk I/O and/or network I/O so it should never be done on the main thread. Unfortunately, nsIX509Cert.isExtendedValidation is impossible to implement with its current synchronous signature without doing network I/O or disk I/O on the main thread. Also, the existence of this function complicates the insanity::pkix integration into Firefox. CertVerifier now calculates the EV status of a certificate on its own. So, we should be able to remove nsNSSCertificate::GetIsExtendedValidation, nsNSSCertificate::GetValidEVPolicyOid, and then remove nsIIdentityInfo, all relatively easily. The details tab of the cert viewer uses GetValidEVPolicyOid to show EV policy OID names (e.g. "Comodo EV OID") only when the certificate is valid according to that policy. We should just change the certificate viewer to always show the EV policy OID name, regardless of whether the certificate is valid for that EV policy OID. The meaning of an OID doesn't change based on the validity of the certificate, and this part of the details tree for the certificate in the certificate viewer is a bad way to indicate that the certificate is/isn't an EV certificate.

(In reply to Brian Smith (:bsmith) from comment #0) > The details tab of the cert viewer uses GetValidEVPolicyOid to show EV > policy OID names (e.g. "Comodo EV OID") only when the certificate is valid > according to that policy. We should just change the certificate viewer to > always show the EV policy OID name, regardless of whether the certificate is > valid for that EV policy OID. Yes, please. At the time this code was initially added (attachment 285820 [details] [diff] [review], cf. bug 374336), I already pointed out to Kai that the cert viewer's "Details" tab isn't really the right place for this - bug 400036 comment 2.

These all have been removed.