--- a/security/certverifier/ExtendedValidation.cpp
+++ b/security/certverifier/ExtendedValidation.cpp
@@ -2,44 +2,44 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ExtendedValidation.h"
 
 #include "cert.h"
-#include "certdb.h"
 #include "hasht.h"
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/PodOperations.h"
 #include "nsDependentString.h"
 #include "nsString.h"
 #include "pk11pub.h"
 #include "pkix/pkixtypes.h"
-#include "prerror.h"
 
-struct nsMyTrustedEVInfo
+namespace mozilla { namespace psm {
+
+struct EVInfo
 {
   // See bug 1338873 about making these fields const.
-  const char* dotted_oid;
-  const char* oid_name; // Set this to null to signal an invalid structure,
+  const char* dottedOid;
+  const char* oidName; // Set this to null to signal an invalid structure,
                   // (We can't have an empty list, so we'll use a dummy entry)
-  unsigned char ev_root_sha256_fingerprint[SHA256_LENGTH];
-  const char* issuer_base64;
-  const char* serial_base64;
+  unsigned char sha256Fingerprint[SHA256_LENGTH];
+  const char* issuerBase64;
+  const char* serialBase64;
 };
 
 // HOWTO enable additional CA root certificates for EV:
 //
 // For each combination of "root certificate" and "policy OID",
-// one entry must be added to the array named myTrustedEVInfos.
+// one entry must be added to the array named kEVInfos.
 //
 // We use the combination of "issuer name" and "serial number" to
 // uniquely identify the certificate. In order to avoid problems
 // because of encodings when comparing certificates, we don't
 // use plain text representation, we rather use the original encoding
 // as it can be found in the root certificate (in base64 format).
 //
 // We can use the NSS utility named "pp" to extract the encoding.
@@ -81,19 +81,19 @@ struct nsMyTrustedEVInfo
 // related to the CA's OCSP infrastructure, either they use an incorrect
 // OCSP signing certificate, or OCSP for the intermediate certificates
 // isn't working, or OCSP isn't working at all.
 
 #ifdef DEBUG
 static const size_t NUM_TEST_EV_ROOTS = 2;
 #endif
 
-static const struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
+static const struct EVInfo kEVInfos[] = {
   // IMPORTANT! When extending this list, if you add another entry that uses
-  // the same dotted_oid as an existing entry, use the same oid_name.
+  // the same dottedOid as an existing entry, use the same oidName.
 #ifdef DEBUG
   // Debug EV certificates should all use the following OID:
   // 1.3.6.1.4.1.13769.666.666.666.1.500.9.1.
   // (multiple entries with the same OID is ok)
   // If you add or remove debug EV certs you must also modify NUM_TEST_EV_ROOTS
   // so that the correct number of certs are skipped as these debug EV certs are
   // NOT part of the default trust store.
   {
@@ -1127,21 +1127,21 @@ static const struct nsMyTrustedEVInfo my
       0xF9, 0x97, 0x16, 0x8F, 0x24, 0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5,
       0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 },
     "MEYxCzAJBgNVBAYTAkxVMRYwFAYDVQQKDA1MdXhUcnVzdCBTLkEuMR8wHQYDVQQD"
     "DBZMdXhUcnVzdCBHbG9iYWwgUm9vdCAy",
     "Cn6m30tEntpqJIWe5rgV0xZ/u7E=",
   },
 };
 
-static SECOidTag sEVInfoOIDTags[mozilla::ArrayLength(myTrustedEVInfos)];
+static SECOidTag sEVInfoOIDTags[ArrayLength(kEVInfos)];
 
 static_assert(SEC_OID_UNKNOWN == 0,
   "We depend on zero-initialized globals being interpreted as SEC_OID_UNKNOWN.");
-static_assert(mozilla::ArrayLength(sEVInfoOIDTags) == mozilla::ArrayLength(myTrustedEVInfos),
+static_assert(ArrayLength(sEVInfoOIDTags) == ArrayLength(kEVInfos),
   "These arrays are used in parallel and must have the same length.");
 
 static SECOidTag
 RegisterOID(const SECItem& oidItem, const char* oidName)
 {
   SECOidData od;
   od.oid.len = oidItem.len;
   od.oid.data = oidItem.data;
@@ -1165,18 +1165,16 @@ isEVPolicy(SECOidTag policyOIDTag)
     if (policyOIDTag == oidTag) {
       return true;
     }
   }
 
   return false;
 }
 
-namespace mozilla { namespace psm {
-
 bool
 CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert,
                                const mozilla::pkix::CertPolicyId& policy)
 {
   MOZ_ASSERT(cert);
   if (!cert) {
     return false;
   }
@@ -1185,76 +1183,76 @@ CertIsAuthoritativeForEVPolicy(const Uni
   SECStatus srv =
     PK11_HashBuf(SEC_OID_SHA256, fingerprint, cert->derCert.data,
                  AssertedCast<int32_t>(cert->derCert.len));
   if (srv != SECSuccess) {
     return false;
   }
 
   const SECOidData* cabforumOIDData = SECOID_FindOIDByTag(sCABForumEVOIDTag);
-  for (size_t iEV = 0; iEV < mozilla::ArrayLength(myTrustedEVInfos); ++iEV) {
-    const nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV];
+  for (size_t i = 0; i < ArrayLength(kEVInfos); ++i) {
+    const EVInfo& entry = kEVInfos[i];
 
     // This check ensures that only the specific roots we approve for EV get
     // that status, and not certs (roots or otherwise) that happen to have an
     // OID that's already been approved for EV.
-    if (!PodEqual(fingerprint, entry.ev_root_sha256_fingerprint)) {
+    if (!PodEqual(fingerprint, entry.sha256Fingerprint)) {
       continue;
     }
 
     if (cabforumOIDData && cabforumOIDData->oid.len == policy.numBytes &&
         PodEqual(cabforumOIDData->oid.data, policy.bytes, policy.numBytes)) {
       return true;
     }
-    const SECOidData* oidData = SECOID_FindOIDByTag(sEVInfoOIDTags[iEV]);
+    const SECOidData* oidData = SECOID_FindOIDByTag(sEVInfoOIDTags[i]);
     if (oidData && oidData->oid.len == policy.numBytes &&
         PodEqual(oidData->oid.data, policy.bytes, policy.numBytes)) {
       return true;
     }
   }
 
   return false;
 }
 
 nsresult
 LoadExtendedValidationInfo()
 {
   static const char* sCABForumOIDString = "2.23.140.1.1";
   static const char* sCABForumOIDDescription = "CA/Browser Forum EV OID";
 
-  mozilla::ScopedAutoSECItem cabforumOIDItem;
+  ScopedAutoSECItem cabforumOIDItem;
   if (SEC_StringToOID(nullptr, &cabforumOIDItem, sCABForumOIDString, 0)
         != SECSuccess) {
     return NS_ERROR_FAILURE;
   }
   sCABForumEVOIDTag = RegisterOID(cabforumOIDItem, sCABForumOIDDescription);
   if (sCABForumEVOIDTag == SEC_OID_UNKNOWN) {
     return NS_ERROR_FAILURE;
   }
 
-  for (size_t iEV = 0; iEV < mozilla::ArrayLength(myTrustedEVInfos); ++iEV) {
-    const nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV];
+  for (size_t i = 0; i < ArrayLength(kEVInfos); ++i) {
+    const EVInfo& entry = kEVInfos[i];
 
     SECStatus srv;
 #ifdef DEBUG
     // This section of code double-checks that we calculated the correct
     // certificate hash given the issuer and serial number and that it is
     // actually present in our loaded root certificates module. It is
     // unnecessary to check this in non-debug builds since we will safely fall
     // back to DV if the EV information is incorrect.
     nsAutoCString derIssuer;
-    nsresult rv = Base64Decode(nsDependentCString(entry.issuer_base64),
+    nsresult rv = Base64Decode(nsDependentCString(entry.issuerBase64),
                                derIssuer);
     MOZ_ASSERT(NS_SUCCEEDED(rv), "Could not base64-decode built-in EV issuer");
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     nsAutoCString serialNumber;
-    rv = Base64Decode(nsDependentCString(entry.serial_base64), serialNumber);
+    rv = Base64Decode(nsDependentCString(entry.serialBase64), serialNumber);
     MOZ_ASSERT(NS_SUCCEEDED(rv), "Could not base64-decode built-in EV serial");
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     CERTIssuerAndSN ias;
     ias.derIssuer.data =
       BitwiseCast<unsigned char*, const char*>(derIssuer.get());
@@ -1268,41 +1266,41 @@ LoadExtendedValidationInfo()
 
     // If an entry is missing in the NSS root database, it may be because the
     // root database is out of sync with what we expect (e.g. a different
     // version of system NSS is installed).
     if (!cert) {
       // The entries for the debug EV roots are at indices 0 through
       // NUM_TEST_EV_ROOTS - 1. Since they're not built-in, they probably
       // haven't been loaded yet.
-      MOZ_ASSERT(iEV < NUM_TEST_EV_ROOTS, "Could not find built-in EV root");
+      MOZ_ASSERT(i < NUM_TEST_EV_ROOTS, "Could not find built-in EV root");
     } else {
       unsigned char certFingerprint[SHA256_LENGTH];
       srv = PK11_HashBuf(SEC_OID_SHA256, certFingerprint, cert->derCert.data,
                          AssertedCast<int32_t>(cert->derCert.len));
       MOZ_ASSERT(srv == SECSuccess, "Could not hash EV root");
       if (srv != SECSuccess) {
         return NS_ERROR_FAILURE;
       }
-      bool same = PodEqual(certFingerprint, entry.ev_root_sha256_fingerprint);
+      bool same = PodEqual(certFingerprint, entry.sha256Fingerprint);
       MOZ_ASSERT(same, "EV root fingerprint mismatch");
       if (!same) {
         return NS_ERROR_FAILURE;
       }
     }
 #endif
     // This is the code that actually enables these roots for EV.
-    mozilla::ScopedAutoSECItem evOIDItem;
-    srv = SEC_StringToOID(nullptr, &evOIDItem, entry.dotted_oid, 0);
+    ScopedAutoSECItem evOIDItem;
+    srv = SEC_StringToOID(nullptr, &evOIDItem, entry.dottedOid, 0);
     MOZ_ASSERT(srv == SECSuccess, "SEC_StringToOID failed");
     if (srv != SECSuccess) {
       return NS_ERROR_FAILURE;
     }
-    sEVInfoOIDTags[iEV] = RegisterOID(evOIDItem, entry.oid_name);
-    if (sEVInfoOIDTags[iEV] == SEC_OID_UNKNOWN) {
+    sEVInfoOIDTags[i] = RegisterOID(evOIDItem, entry.oidName);
+    if (sEVInfoOIDTags[i] == SEC_OID_UNKNOWN) {
       return NS_ERROR_FAILURE;
     }
   }
 
   return NS_OK;
 }
 
 // Helper function for GetFirstEVPolicy(): returns the first suitable policy