firefox/rhbz-966424.patch

--- a/toolkit/modules/CertUtils.jsm
+++ b/toolkit/modules/CertUtils.jsm
@@ -170,17 +170,19 @@ this.checkCert =
   issuerCert = issuerCert.QueryInterface(Ci.nsIX509Cert3);
   var tokenNames = issuerCert.getAllTokenNames({});
 
   if (!tokenNames || !tokenNames.some(isBuiltinToken))
     throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
 }
 
 function isBuiltinToken(tokenName) {
-  return tokenName == "Builtin Object Token";
+  return tokenName == "Builtin Object Token" ||
+         tokenName == "Default Trust" ||
+         tokenName == "System Trust";
 }
 
 /**
  * This class implements nsIBadCertListener.  Its job is to prevent "bad cert"
  * security dialogs from being shown to the user.  It is better to simply fail
  * if the certificate is bad. See bug 304286.
  *
  * @param  aAllowNonBuiltInCerts (optional)
Standalone firefox package without need of xulrunner 2014-01-09 09:56:01 +00:00			`--- a/toolkit/modules/CertUtils.jsm`
			`+++ b/toolkit/modules/CertUtils.jsm`
			`@@ -170,17 +170,19 @@ this.checkCert =`
			`issuerCert = issuerCert.QueryInterface(Ci.nsIX509Cert3);`
			`var tokenNames = issuerCert.getAllTokenNames({});`

			`if (!tokenNames \|\| !tokenNames.some(isBuiltinToken))`
			`throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);`
			`}`

			`function isBuiltinToken(tokenName) {`
			`- return tokenName == "Builtin Object Token";`
			`+ return tokenName == "Builtin Object Token" \|\|`
			`+ tokenName == "Default Trust" \|\|`
			`+ tokenName == "System Trust";`
			`}`

			`/**`
			`* This class implements nsIBadCertListener. Its job is to prevent "bad cert"`
			`* security dialogs from being shown to the user. It is better to simply fail`
			`* if the certificate is bad. See bug 304286.`
			`*`
			`* @param aAllowNonBuiltInCerts (optional)`