43f726
diff --git a/security/manager/locales/en-US/security/certificates/certManager.ftl b/security/manager/locales/en-US/security/certificates/certManager.ftl
43f726
--- a/security/manager/locales/en-US/security/certificates/certManager.ftl
43f726
+++ b/security/manager/locales/en-US/security/certificates/certManager.ftl
43f726
@@ -51,9 +51,6 @@ certmgr-cert-name =
43f726
 certmgr-cert-server =
43f726
     .label = Server
43f726
 
43f726
-certmgr-override-lifetime =
43f726
-    .label = Lifetime
43f726
-
43f726
 certmgr-token-name =
43f726
     .label = Security Device
43f726
 
43f726
@@ -69,6 +66,9 @@ certmgr-email =
43f726
 certmgr-serial =
43f726
     .label = Serial Number
43f726
 
43f726
+certmgr-fingerprint-sha-256 =
43f726
+    .label = SHA-256 Fingerprint
43f726
+
43f726
 certmgr-view =
43f726
     .label = View…
43f726
     .accesskey = V
43f726
diff --git a/security/manager/pki/resources/content/certManager.js b/security/manager/pki/resources/content/certManager.js
43f726
--- a/security/manager/pki/resources/content/certManager.js
43f726
+++ b/security/manager/pki/resources/content/certManager.js
43f726
@@ -64,22 +64,16 @@ var serverRichList = {
43f726
 
43f726
   buildRichList() {
43f726
     let overrides = overrideService.getOverrides().map(item => {
43f726
-      let cert = null;
43f726
-      if (item.dbKey !== "") {
43f726
-        cert = certdb.findCertByDBKey(item.dbKey);
43f726
-      }
43f726
       return {
43f726
         hostPort: item.hostPort,
43f726
-        dbKey: item.dbKey,
43f726
         asciiHost: item.asciiHost,
43f726
         port: item.port,
43f726
         originAttributes: item.originAttributes,
43f726
-        isTemporary: item.isTemporary,
43f726
-        displayName: cert !== null ? cert.displayName : "",
43f726
+        fingerprint: item.fingerprint,
43f726
       };
43f726
     });
43f726
     overrides.sort((a, b) => {
43f726
-      let criteria = ["hostPort", "displayName"];
43f726
+      let criteria = ["hostPort", "fingerprint"];
43f726
       for (let c of criteria) {
43f726
         let res = a[c].localeCompare(b[c]);
43f726
         if (res !== 0) {
43f726
@@ -106,10 +100,10 @@ var serverRichList = {
43f726
   _richBoxAddItem(item) {
43f726
     let richlistitem = document.createXULElement("richlistitem");
43f726
 
43f726
-    richlistitem.setAttribute("dbKey", item.dbKey);
43f726
     richlistitem.setAttribute("host", item.asciiHost);
43f726
     richlistitem.setAttribute("port", item.port);
43f726
     richlistitem.setAttribute("hostPort", item.hostPort);
43f726
+    richlistitem.setAttribute("fingerprint", item.fingerprint);
43f726
     richlistitem.setAttribute(
43f726
       "originAttributes",
43f726
       JSON.stringify(item.originAttributes)
43f726
@@ -120,18 +114,7 @@ var serverRichList = {
43f726
     hbox.setAttribute("equalsize", "always");
43f726
 
43f726
     hbox.appendChild(createRichlistItem({ raw: item.hostPort }));
43f726
-    hbox.appendChild(
43f726
-      createRichlistItem(
43f726
-        item.displayName !== ""
43f726
-          ? { raw: item.displayName }
43f726
-          : { l10nid: "no-cert-stored-for-override" }
43f726
-      )
43f726
-    );
43f726
-    hbox.appendChild(
43f726
-      createRichlistItem({
43f726
-        l10nid: item.isTemporary ? "temporary-override" : "permanent-override",
43f726
-      })
43f726
-    );
43f726
+    hbox.appendChild(createRichlistItem({ raw: item.fingerprint }));
43f726
 
43f726
     richlistitem.appendChild(hbox);
43f726
 
43f726
@@ -170,32 +153,6 @@ var serverRichList = {
43f726
     }
43f726
   },
43f726
 
43f726
-  viewSelectedRichListItem() {
43f726
-    let selectedItem = this.richlist.selectedItem;
43f726
-    if (!selectedItem) {
43f726
-      return;
43f726
-    }
43f726
-
43f726
-    let dbKey = selectedItem.getAttribute("dbKey");
43f726
-    if (dbKey) {
43f726
-      let cert = certdb.findCertByDBKey(dbKey);
43f726
-      viewCertHelper(window, cert);
43f726
-    }
43f726
-  },
43f726
-
43f726
-  exportSelectedRichListItem() {
43f726
-    let selectedItem = this.richlist.selectedItem;
43f726
-    if (!selectedItem) {
43f726
-      return;
43f726
-    }
43f726
-
43f726
-    let dbKey = selectedItem.getAttribute("dbKey");
43f726
-    if (dbKey) {
43f726
-      let cert = certdb.findCertByDBKey(dbKey);
43f726
-      exportToFile(window, cert);
43f726
-    }
43f726
-  },
43f726
-
43f726
   addException() {
43f726
     let retval = {
43f726
       exceptionAdded: false,
43f726
@@ -212,16 +169,8 @@ var serverRichList = {
43f726
   },
43f726
 
43f726
   _setButtonState() {
43f726
-    let websiteViewButton = document.getElementById("websites_viewButton");
43f726
-    let websiteExportButton = document.getElementById("websites_exportButton");
43f726
     let websiteDeleteButton = document.getElementById("websites_deleteButton");
43f726
-
43f726
-    let certKey = this.richlist.selectedItem?.getAttribute("dbKey");
43f726
-    let cert = certKey && certdb.findCertByDBKey(certKey);
43f726
-
43f726
     websiteDeleteButton.disabled = this.richlist.selectedIndex < 0;
43f726
-    websiteExportButton.disabled = !cert;
43f726
-    websiteViewButton.disabled = websiteExportButton.disabled;
43f726
   },
43f726
 };
43f726
 /**
43f726
diff --git a/security/manager/pki/resources/content/certManager.xhtml b/security/manager/pki/resources/content/certManager.xhtml
43f726
--- a/security/manager/pki/resources/content/certManager.xhtml
43f726
+++ b/security/manager/pki/resources/content/certManager.xhtml
43f726
@@ -157,18 +157,13 @@
43f726
43f726
            <listheader equalsize="always">
43f726
              <treecol id="sitecol" data-l10n-id="certmgr-cert-server" primary="true" flex="1"/>
43f726
-             <treecol id="certcol" data-l10n-id="certmgr-cert-name" flex="1"/>
43f726
-             <treecol id="lifetimecol" data-l10n-id="certmgr-override-lifetime" flex="1"/>
43f726
+            <treecol id="sha256col" data-l10n-id="certmgr-fingerprint-sha-256" flex="1"/>
43f726
            </listheader>
43f726
            <richlistbox ondblclick="serverRichList.viewSelectedRichListItem();" class="certManagerRichlistBox" id="serverList" flex="1" selected="false"/>
43f726
43f726
           <separator class="thin"/>
43f726
43f726
           <hbox>
43f726
-            
43f726
-                    data-l10n-id="certmgr-view" oncommand="serverRichList.viewSelectedRichListItem();"/>
43f726
-            
43f726
-                    data-l10n-id="certmgr-export" oncommand="serverRichList.exportSelectedRichListItem();"/>
43f726
             
43f726
                     data-l10n-id="certmgr-delete" oncommand="serverRichList.deleteSelectedRichListItem();"/>
43f726
             
43f726
diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp
43f726
--- a/security/manager/ssl/nsCertOverrideService.cpp
43f726
+++ b/security/manager/ssl/nsCertOverrideService.cpp
43f726
@@ -106,8 +106,8 @@ nsCertOverride::GetAsciiHost(/*out*/ nsA
43f726
 }
43f726
 
43f726
 NS_IMETHODIMP
43f726
-nsCertOverride::GetDbKey(/*out*/ nsACString& aDBKey) {
43f726
-  aDBKey = mDBKey;
43f726
+nsCertOverride::GetFingerprint(/*out*/ nsACString& aFingerprint) {
43f726
+  aFingerprint = mFingerprint;
43f726
   return NS_OK;
43f726
 }
43f726
 
43f726
@@ -118,12 +118,6 @@ nsCertOverride::GetPort(/*out*/ int32_t*
43f726
 }
43f726
 
43f726
 NS_IMETHODIMP
43f726
-nsCertOverride::GetIsTemporary(/*out*/ bool* aIsTemporary) {
43f726
-  *aIsTemporary = mIsTemporary;
43f726
-  return NS_OK;
43f726
-}
43f726
-
43f726
-NS_IMETHODIMP
43f726
 nsCertOverride::GetHostPort(/*out*/ nsACString& aHostPort) {
43f726
   nsCertOverrideService::GetHostWithPort(mAsciiHost, mPort, aHostPort);
43f726
   return NS_OK;
43f726
@@ -274,7 +268,6 @@ void nsCertOverrideService::RemoveAllTem
43f726
   for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
43f726
     nsCertOverrideEntry* entry = iter.Get();
43f726
     if (entry->mSettings->mIsTemporary) {
43f726
-      entry->mSettings->mCert = nullptr;
43f726
       iter.Remove();
43f726
     }
43f726
   }
43f726
@@ -297,18 +297,11 @@
43f726
   nsAutoCString buffer;
43f726
   bool isMore = true;
43f726
 
43f726
-  /* file format is:
43f726
-   *
43f726
-   * host:port:originattributes \t fingerprint-algorithm \t fingerprint \t
43f726
-   * override-mask \t dbKey
43f726
-   *
43f726
-   *   where override-mask is a sequence of characters,
43f726
-   *     M meaning hostname-Mismatch-override
43f726
-   *     U meaning Untrusted-override
43f726
-   *     T meaning Time-error-override (expired/not yet valid)
43f726
-   *
43f726
-   * if this format isn't respected we move onto the next line in the file.
43f726
-   */
43f726
+  // Each line is of the form:
43f726
+  // host:port:originAttributes \t sSHA256OIDString \t fingerprint \t
43f726
+  // There may be some "bits" identifiers and "dbKey" after the `fingerprint`
43f726
+  // field in 'fingerprint \t \t dbKey' format, but these are now ignored.
43f726
+  // Lines that don't match this form are silently dropped.
43f726
 
43f726
   while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
43f726
     if (buffer.IsEmpty() || buffer.First() == '#') {
43f726
@@ -350,23 +343,10 @@
43f726
         fingerprint.Length() == 0) {
43f726
       continue;
43f726
     }
43f726
-    nsDependentCSubstring bitsString;
43f726
-    if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), bitsString) ||
43f726
-        bitsString.Length() == 0) {
43f726
-      continue;
43f726
-    }
43f726
-    nsDependentCSubstring dbKey;
43f726
-    if (!parser.ReadUntil(Tokenizer::Token::EndOfFile(), dbKey) ||
43f726
-        dbKey.Length() == 0) {
43f726
-      continue;
43f726
-    }
43f726
-    nsCertOverride::OverrideBits bits;
43f726
-    nsCertOverride::convertStringToBits(bitsString, bits);
43f726
 
43f726
     AddEntryToList(host, port, attributes,
43f726
-                   nullptr,  // don't have the cert
43f726
-                   false,    // not temporary
43f726
-                   fingerprint, bits, dbKey, aProofOfLock);
43f726
+                   false,  // not temporary
43f726
+                   fingerprint, aProofOfLock);
43f726
   }
43f726
 
43f726
   return NS_OK;
43f726
@@ -412,9 +392,8 @@
43f726
     output.Append(kTab);
43f726
     output.Append(settings->mFingerprint);
43f726
     output.Append(kTab);
43f726
-    output.Append(bitsString);
43f726
-    output.Append(kTab);
43f726
-    output.Append(settings->mDBKey);
43f726
+    // the "bits" string used to go here, but it no longer exists
43f726
+    // the "\t dbKey" string used to go here, but it no longer exists
43f726
     output.Append(NS_LINEBREAK);
43f726
   }
43f726
 
43f726
@@ -462,42 +441,16 @@
43f726
     return NS_ERROR_FAILURE;
43f726
   }
43f726
 
43f726
-  nsAutoCString nickname;
43f726
-  nsresult rv = DefaultServerNicknameForCert(nsscert.get(), nickname);
43f726
-  if (!aTemporary && NS_SUCCEEDED(rv)) {
43f726
-    UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
43f726
-    if (!slot) {
43f726
-      return NS_ERROR_FAILURE;
43f726
-    }
43f726
-
43f726
-    // This can fail (for example, if we're in read-only mode). Luckily, we
43f726
-    // don't even need it to succeed - we always match on the stored hash of the
43f726
-    // certificate rather than the full certificate. It makes the display a bit
43f726
-    // less informative (since we won't have a certificate to display), but it's
43f726
-    // better than failing the entire operation.
43f726
-    Unused << PK11_ImportCert(slot.get(), nsscert.get(), CK_INVALID_HANDLE,
43f726
-                              nickname.get(), false);
43f726
-  }
43f726
-
43f726
   nsAutoCString fpStr;
43f726
-  rv = GetCertSha256Fingerprint(aCert, fpStr);
43f726
-  if (NS_FAILED(rv)) {
43f726
-    return rv;
43f726
-  }
43f726
-
43f726
-  nsAutoCString dbkey;
43f726
-  rv = aCert->GetDbKey(dbkey);
43f726
+  nsresult rv = GetCertSha256Fingerprint(aCert, fpStr);
43f726
   if (NS_FAILED(rv)) {
43f726
     return rv;
43f726
   }
43f726
 
43f726
   {
43f726
     MutexAutoLock lock(mMutex);
43f726
-    AddEntryToList(aHostName, aPort, aOriginAttributes,
43f726
-                   aTemporary ? aCert : nullptr,
43f726
-                   // keep a reference to the cert for temporary overrides
43f726
-                   aTemporary, fpStr,
43f726
-                   (nsCertOverride::OverrideBits)aOverrideBits, dbkey, lock);
43f726
+    AddEntryToList(aHostName, aPort, aOriginAttributes, aTemporary, fpStr,
43f726
+                   lock);
43f726
     if (!aTemporary) {
43f726
       Write(lock);
43f726
     }
43f726
@@ -532,10 +485,8 @@
43f726
 
43f726
   MutexAutoLock lock(mMutex);
43f726
   AddEntryToList(aHostName, aPort, aOriginAttributes,
43f726
-                 nullptr,  // No cert to keep alive
43f726
                  true,     // temporary
43f726
-                 aCertFingerprint, (nsCertOverride::OverrideBits)aOverrideBits,
43f726
-                 ""_ns,  // dbkey
43f726
+                 aCertFingerprint,
43f726
                  lock);
43f726
 
43f726
   return NS_OK;
43f726
@@ -632,10 +583,8 @@
43f726
 
43f726
 nsresult nsCertOverrideService::AddEntryToList(
43f726
     const nsACString& aHostName, int32_t aPort,
43f726
-    const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
43f726
-    const bool aIsTemporary, const nsACString& fingerprint,
43f726
-    nsCertOverride::OverrideBits ob, const nsACString& dbKey,
43f726
-    const MutexAutoLock& aProofOfLock) {
43f726
+    const OriginAttributes& aOriginAttributes, const bool aIsTemporary,
43f726
+    const nsACString& fingerprint, const MutexAutoLock& aProofOfLock) {
43f726
   mMutex.AssertCurrentThreadOwns();
43f726
   nsAutoCString keyString;
43f726
   GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
43f726
@@ -656,11 +605,6 @@
43f726
   settings->mOriginAttributes = aOriginAttributes;
43f726
   settings->mIsTemporary = aIsTemporary;
43f726
   settings->mFingerprint = fingerprint;
43f726
-  settings->mOverrideBits = ob;
43f726
-  settings->mDBKey = dbKey;
43f726
-  // remove whitespace from stored dbKey for backwards compatibility
43f726
-  settings->mDBKey.StripWhitespace();
43f726
-  settings->mCert = aCert;
43f726
   entry->mSettings = settings;
43f726
 
43f726
   return NS_OK;
43f726
diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h
43f726
--- a/security/manager/ssl/nsCertOverrideService.h
43f726
+++ b/security/manager/ssl/nsCertOverrideService.h
43f726
@@ -43,8 +43,6 @@
43f726
   bool mIsTemporary;  // true: session only, false: stored on disk
43f726
   nsCString mFingerprint;
43f726
   OverrideBits mOverrideBits;
43f726
-  nsCString mDBKey;
43f726
-  nsCOMPtr<nsIX509Cert> mCert;
43f726
 
43f726
   static void convertBitsToString(OverrideBits ob, nsACString& str);
43f726
   static void convertStringToBits(const nsACString& str, OverrideBits& ob);
43f726
@@ -145,10 +143,8 @@
43f726
   nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
43f726
   nsresult AddEntryToList(const nsACString& host, int32_t port,
43f726
                           const OriginAttributes& aOriginAttributes,
43f726
-                          nsIX509Cert* aCert, const bool aIsTemporary,
43f726
+                          const bool aIsTemporary,
43f726
                           const nsACString& fingerprint,
43f726
-                          nsCertOverride::OverrideBits ob,
43f726
-                          const nsACString& dbKey,
43f726
                           const mozilla::MutexAutoLock& aProofOfLock);
43f726
 
43f726
   // Set in constructor only
43f726
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
43f726
--- a/security/manager/ssl/SSLServerCertVerification.cpp
43f726
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
43f726
@@ -791,8 +791,8 @@
43f726
           aHostName, aPort, aOriginAttributes, aCert, &overrideBits,
43f726
           &isTemporaryOverride, &haveOverride);
43f726
       if (NS_SUCCEEDED(rv) && haveOverride) {
43f726
-        // remove the errors that are already overriden
43f726
-        remainingDisplayErrors &= ~overrideBits;
43f726
+        // remove all the errors
43f726
+        remainingDisplayErrors = 0;
43f726
       }
43f726
     }
43f726
43f726
diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl
43f726
--- a/security/manager/ssl/nsICertOverrideService.idl
43f726
+++ b/security/manager/ssl/nsICertOverrideService.idl
43f726
@@ -33,17 +33,6 @@ interface nsICertOverride : nsISupports 
43f726
   readonly attribute int32_t port;
43f726
 
43f726
   /**
43f726
-  *   Whether or not the override is only used for this
43f726
-  *   session (true) or stored persistently (false)
43f726
-  */
43f726
-  readonly attribute boolean isTemporary;
43f726
-
43f726
-  /**
43f726
-  *   The database key for the associated certificate.
43f726
-  */
43f726
-  readonly attribute ACString dbKey;
43f726
-
43f726
-  /**
43f726
   *   A combination of hostname and port in the form host:port.
43f726
   *   Since the port can be -1 which is equivalent to port 433 we use an
43f726
   *   existing function of nsCertOverrideService to create this property.
43f726
@@ -51,6 +40,11 @@ interface nsICertOverride : nsISupports 
43f726
   readonly attribute ACString hostPort;
43f726
 
43f726
   /**
43f726
+  *   The fingerprint for the associated certificate.
43f726
+  */
43f726
+  readonly attribute ACString fingerprint;
43f726
+
43f726
+  /**
43f726
   *   The origin attributes associated with this override.
43f726
   */
43f726
   [implicit_jscontext]
43f726
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
43f726
--- a/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
43f726
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
43f726
@@ -27,9 +27,7 @@ async function checkServerCertificates(w
43f726
 
43f726
   expectedValues.forEach((item, i) => {
43f726
     let hostPort = labels[i * 3].value;
43f726
-    let certString = labels[i * 3 + 1].value || labels[i * 3 + 1].textContent;
43f726
-    let isTemporaryString =
43f726
-      labels[i * 3 + 2].value || labels[i * 3 + 2].textContent;
43f726
+    let fingerprint = labels[i * 3 + 1].value || labels[i * 3 + 1].textContent;
43f726
 
43f726
     Assert.equal(
43f726
       hostPort,
43f726
@@ -38,15 +36,9 @@ async function checkServerCertificates(w
43f726
     );
43f726
 
43f726
     Assert.equal(
43f726
-      certString,
43f726
-      item.certName,
43f726
-      `Expected override to have field ${item.certName}`
43f726
-    );
43f726
-
43f726
-    Assert.equal(
43f726
-      isTemporaryString,
43f726
-      item.isTemporary ? "Temporary" : "Permanent",
43f726
-      `Expected override to be ${item.isTemporary ? "Temporary" : "Permanent"}`
43f726
+      fingerprint,
43f726
+      item.fingerprint,
43f726
+      `Expected override to have field ${item.fingerprint}`
43f726
     );
43f726
   });
43f726
 }
43f726
@@ -73,41 +73,6 @@
43f726
   );
43f726
 }
43f726
 
43f726
-async function testViewButton(win) {
43f726
-  win.document.getElementById("serverList").selectedIndex = 1;
43f726
-
43f726
-  Assert.ok(
43f726
-    win.document.getElementById("websites_viewButton").disabled,
43f726
-    "View button should be disabled for override without cert"
43f726
-  );
43f726
-
43f726
-  win.document.getElementById("serverList").selectedIndex = 0;
43f726
-
43f726
-  Assert.ok(
43f726
-    !win.document.getElementById("websites_viewButton").disabled,
43f726
-    "View button should be enabled for override with cert"
43f726
-  );
43f726
-
43f726
-  let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true);
43f726
-
43f726
-  win.document.getElementById("websites_viewButton").click();
43f726
-
43f726
-  let newTab = await loaded;
43f726
-  let spec = newTab.linkedBrowser.documentURI.spec;
43f726
-
43f726
-  Assert.ok(
43f726
-    spec.startsWith("about:certificate"),
43f726
-    "about:certificate should habe been opened"
43f726
-  );
43f726
-
43f726
-  let newUrl = new URL(spec);
43f726
-  let certEncoded = newUrl.searchParams.get("cert");
43f726
-  let certDecoded = decodeURIComponent(certEncoded);
43f726
-  Assert.ok(certDecoded, "should have some certificate as cert url param");
43f726
-
43f726
-  gBrowser.removeCurrentTab();
43f726
-}
43f726
-
43f726
 add_task(async function test_cert_manager_server_tab() {
43f726
   let win = await openCertManager();
43f726
 
43f726
@@ -134,48 +99,13 @@
43f726
   await checkServerCertificates(win, [
43f726
     {
43f726
       hostPort: "example.com:443",
43f726
-      certName: "md5-ee",
43f726
-      isTemporary: false,
43f726
-    },
43f726
-  ]);
43f726
-
43f726
-  win.document.getElementById("certmanager").acceptDialog();
43f726
-  await BrowserTestUtils.windowClosed(win);
43f726
-
43f726
-  certOverrideService.rememberTemporaryValidityOverrideUsingFingerprint(
43f726
-    "example.com",
43f726
-    9999,
43f726
-    {},
43f726
-    "40:20:3E:57:FB:82:95:0D:3F:62:D7:04:39:F6:32:CC:B2:2F:70:9F:3E:66:C5:35:64:6E:49:2A:F1:02:75:9F",
43f726
-    Ci.nsICertOverrideService.ERROR_UNTRUSTED
43f726
-  );
43f726
-
43f726
-  win = await openCertManager();
43f726
-
43f726
-  await checkServerCertificates(win, [
43f726
-    {
43f726
-      hostPort: "example.com:443",
43f726
-      certName: "md5-ee",
43f726
-      isTemporary: false,
43f726
-    },
43f726
-    {
43f726
-      hostPort: "example.com:9999",
43f726
-      certName: "(Not Stored)",
43f726
-      isTemporary: true,
43f726
+      fingerprint: cert.sha256Fingerprint,
43f726
     },
43f726
   ]);
43f726
 
43f726
-  await testViewButton(win);
43f726
-
43f726
-  await deleteOverride(win, 2);
43f726
+  await deleteOverride(win, 1);
43f726
 
43f726
-  await checkServerCertificates(win, [
43f726
-    {
43f726
-      hostPort: "example.com:9999",
43f726
-      certName: "(Not Stored)",
43f726
-      isTemporary: true,
43f726
-    },
43f726
-  ]);
43f726
+  await checkServerCertificates(win, []);
43f726
 
43f726
   win.document.getElementById("certmanager").acceptDialog();
43f726
   await BrowserTestUtils.windowClosed(win);
43f726
diff --git a/security/manager/ssl/tests/unit/test_cert_override_read.js b/security/manager/ssl/tests/unit/test_cert_override_read.js
43f726
--- a/security/manager/ssl/tests/unit/test_cert_override_read.js
43f726
+++ b/security/manager/ssl/tests/unit/test_cert_override_read.js
43f726
@@ -11,19 +11,16 @@ function run_test() {
43f726
   let cert1 = {
43f726
     sha256Fingerprint:
43f726
       "E9:3A:91:F6:15:11:FB:DD:02:76:DD:45:8C:4B:F4:9B:D1:14:13:91:2E:96:4B:EC:D2:4F:90:D5:F4:BB:29:5C",
43f726
-    dbKey: "This isn't relevant for this test.",
43f726
   };
43f726
   // bad_certs/selfsigned.pem
43f726
   let cert2 = {
43f726
     sha256Fingerprint:
43f726
       "51:BC:41:90:C1:FD:6E:73:18:19:B0:60:08:DD:A3:3D:59:B2:5B:FB:D0:3D:DD:89:19:A5:BB:C6:2B:5A:72:A7",
43f726
-    dbKey: "This isn't relevant for this test.",
43f726
   };
43f726
   // bad_certs/noValidNames.pem
43f726
   let cert3 = {
43f726
     sha256Fingerprint:
43f726
       "C3:A3:61:02:CA:64:CC:EC:45:1D:24:B6:A0:69:DB:DB:F0:D8:58:76:FC:50:36:52:5A:E8:40:4C:55:72:08:F4",
43f726
-    dbKey: "This isn't relevant for this test.",
43f726
   };
43f726
 
43f726
   let profileDir = do_get_profile();
43f726
@@ -35,58 +35,42 @@
43f726
     "# This is a generated file!  Do not edit.",
43f726
     "test.example.com:443:^privateBrowsingId=1\tOID.2.16.840.1.101.3.4.2.1\t" +
43f726
       cert1.sha256Fingerprint +
43f726
-      "\tM\t" +
43f726
-      cert1.dbKey,
43f726
+      "\t",
43f726
     "test.example.com:443:^privateBrowsingId=2\tOID.2.16.840.1.101.3.4.2.1\t" +
43f726
       cert1.sha256Fingerprint +
43f726
+      "\t",
43f726
+    "test.example.com:443:^privateBrowsingId=3\tOID.2.16.840.1.101.3.4.2.1\t" + // includes bits and dbKey (now obsolete)
43f726
+      cert1.sha256Fingerprint +
43f726
       "\tM\t" +
43f726
-      cert1.dbKey,
43f726
+      "AAAAAAAAAAAAAAACAAAAFjA5MBQxEjAQBgNVBAMMCWxvY2FsaG9zdA==",
43f726
     "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" +
43f726
       cert2.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert2.dbKey,
43f726
+      "\t",
43f726
     "[::1]:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // IPv6
43f726
       cert2.sha256Fingerprint +
43f726
-      "\tM\t" +
43f726
-      cert2.dbKey,
43f726
+      "\t",
43f726
     "old.example.com:443\tOID.2.16.840.1.101.3.4.2.1\t" + // missing attributes (defaulted)
43f726
       cert1.sha256Fingerprint +
43f726
-      "\tM\t" +
43f726
-      cert1.dbKey,
43f726
+      "\t",
43f726
     ":443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing host name
43f726
       cert3.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
+      "\t",
43f726
     "example.com::\tOID.2.16.840.1.101.3.4.2.1\t" + // missing port
43f726
       cert3.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
-    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // wrong fingerprint/dbkey
43f726
+      "\t",
43f726
+    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // wrong fingerprint
43f726
       cert2.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
+      "\t",
43f726
     "example.com:443:\tOID.0.00.000.0.000.0.0.0.0\t" + // bad OID
43f726
       cert3.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
+      "\t",
43f726
     "example.com:443:\t.0.0.0.0\t" + // malformed OID
43f726
       cert3.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
+      "\t",
43f726
     "example.com:443:\t\t" + // missing OID
43f726
       cert3.sha256Fingerprint +
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
-    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing fingerprint
43f726
-      "\tU\t" +
43f726
-      cert3.dbKey,
43f726
-    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing override bits
43f726
-      cert3.sha256Fingerprint +
43f726
-      "\t\t" +
43f726
-      cert3.dbKey,
43f726
-    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing dbkey
43f726
-      cert3.sha256Fingerprint +
43f726
-      "\tU\t",
43f726
+      "\t",
43f726
+    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t", // missing fingerprint
43f726
   ];
43f726
   writeLinesAndClose(lines, outputStream);
43f726
   let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(