This represents the global list of triples
   {host:port, cert-fingerprint, allowed-overrides} 
 that the user wants to accept without further warnings.
[scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)]
interface nsICertOverrideService : nsISupports

Constants

  Override Untrusted
const short ERROR_UNTRUSTED = 1 
  Override hostname Mismatch
const short ERROR_MISMATCH = 2 
  Override Time error
const short ERROR_TIME = 4

Methods

  Remove a override for the given hostname:port.

  @param aHostName The host (punycode) whose entry should be cleared.
  @param aPort The port whose entry should be cleared, if it is -1 then it 
          is internaly treated as 443
void clearValidityOverride(in ACString aHostName, in PRInt32 aPort) 
  Obtain the full list of hostname:port for which overrides are known.

  @param aCount The number of host:port entries returned
  @param aHostsWithPortsArray The array of host:port entries returned
void getAllOverrideHostsWithPorts(out PRUint32 aCount, [array, size_is(aCount)] out wstring aHostsWithPortsArray) 
  Retrieve the stored override for the given hostname:port.

  @param aHostName The host (punycode) whose entry should be tested
  @param aPort The port whose entry should be tested, if it is -1 then it 
          is internaly treated as 443
  @param aHashAlg On return value True, the fingerprint hash algorithm
                  as an OID value in dotted notation.
  @param aFingerprint On return value True, the stored fingerprint 
  @param aOverrideBits The errors that are currently overriden
  @return whether a matching override entry for aHostNameWithPort 
          and aFingerprint is currently on file
boolean getValidityOverride(in ACString aHostName, in PRInt32 aPort, out ACString aHashAlg, out ACString aFingerprint, out PRUint32 aOverrideBits, out boolean aIsTemporary) 
  The given cert should always be accepted for the given hostname:port,
  regardless of errors verifying the cert.
  Host:Port is a primary key, only one entry per host:port can exist.
  The implementation will store a fingerprint of the cert.
  The implementation will decide which fingerprint alg is used.

  @param aHostName The host (punycode) this mapping belongs to
  @param aPort The port this mapping belongs to, if it is -1 then it 
          is internaly treated as 443
  @param aCert The cert that should always be accepted
  @param aOverrideBits The errors that are currently overriden
  @return whether an override entry for aHostNameWithPort is currently on file
          that matches the given certificate
boolean hasMatchingOverride(in ACString aHostName, in PRInt32 aPort, in nsIX509Cert aCert, out PRUint32 aOverrideBits, out boolean aIsTemporary) 
  Is the given cert used in rules?

  @param aCert The cert we're looking for
  @return how many override entries are currently on file
          for the given certificate
PRUint32 isCertUsedForOverrides(in nsIX509Cert aCert, in boolean aCheckTemporaries, in boolean aCheckPermanents) 
  The given cert should always be accepted for the given hostname:port,
  regardless of errors verifying the cert.
  Host:Port is a primary key, only one entry per host:port can exist.
  The implementation will store a fingerprint of the cert.
  The implementation will decide which fingerprint alg is used.

  @param aHostName The host (punycode) this mapping belongs to
  @param aPort The port this mapping belongs to, if it is -1 then it 
          is internaly treated as 443
  @param aCert The cert that should always be accepted
  @param aOverrideBits The errors we want to be overriden
void rememberValidityOverride(in ACString aHostName, in PRInt32 aPort, in nsIX509Cert aCert, in PRUint32 aOverrideBits, in boolean aTemporary)