Actually call psm::RegisterDynamicOids().

chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 99 matching lines @@
 SECOidTag eku_ms_encrypting_file_system = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_file_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_windows_hardware_driver_verification = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_qualified_subordination = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_document_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_lifetime_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_smart_card_logon = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery_agent = SEC_OID_UNKNOWN;
 SECOidTag eku_netscape_international_step_up = SEC_OID_UNKNOWN;
+SECOidTag cert_attribute_business_category = SEC_OID_UNKNOWN;
+SECOidTag cert_attribute_ev_incorporation_country = SEC_OID_UNKNOWN;
 
 void RegisterDynamicOids() {
   if (ms_cert_ext_certtype != SEC_OID_UNKNOWN)
     return;
 
   ms_cert_ext_certtype = RegisterDynamicOid("1.3.6.1.4.1.311.20.2");
   ms_certsrv_ca_version = RegisterDynamicOid("1.3.6.1.4.1.311.21.1");
   ms_nt_principal_name = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.3");
-  ms_nt_principal_name = RegisterDynamicOid("1.3.6.1.4.1.311.25.1");

[wtc, 2011/07/07 02:22:50]

This must have been a copy-and-paste error.

+  ms_ntds_replication = RegisterDynamicOid("1.3.6.1.4.1.311.25.1");
 
   eku_ms_individual_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.21");
   eku_ms_commercial_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.22");
   eku_ms_trust_list_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.1");
   eku_ms_time_stamping = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.2");
   eku_ms_server_gated_crypto = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.3");
   eku_ms_encrypting_file_system = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4");
   eku_ms_file_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4.1");
   eku_ms_windows_hardware_driver_verification = RegisterDynamicOid(
       "1.3.6.1.4.1.311.10.3.5");
   eku_ms_qualified_subordination = RegisterDynamicOid(
       "1.3.6.1.4.1.311.10.3.10");
   eku_ms_key_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.11");
   eku_ms_document_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.12");
   eku_ms_lifetime_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.13");
   eku_ms_smart_card_logon = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.2");
   eku_ms_key_recovery_agent = RegisterDynamicOid("1.3.6.1.4.1.311.21.6");
   eku_netscape_international_step_up = RegisterDynamicOid(
       "2.16.840.1.113730.4.1");
+
+  // These two OIDs will be built-in as SEC_OID_BUSINESS_CATEGORY and
+  // SEC_OID_EV_INCORPORATION_COUNTRY starting in NSS 3.13.  Until then,
+  // we need to add them dynamically.
+  cert_attribute_business_category = RegisterDynamicOid("2.5.4.15");
+  cert_attribute_ev_incorporation_country = RegisterDynamicOid(
+      "1.3.6.1.4.1.311.60.2.1.3");
 }
 
 std::string DumpOidString(SECItem* oid) {
   char* pr_string = CERT_GetOidString(oid);
   if (pr_string) {
     std::string rv = pr_string;
     PR_smprintf_free(pr_string);
     return rv;
   }
 
@@ skipping 153 matching lines @@
       break;
     case SEC_OID_OCSP_RESPONDER:
       string_id = IDS_CERT_EKU_OCSP_SIGNING;
       break;
     case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
       string_id = IDS_CERT_PKIX_CPS_POINTER_QUALIFIER;
       break;
     case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
       string_id = IDS_CERT_PKIX_USER_NOTICE_QUALIFIER;
       break;
+    case SEC_OID_UNKNOWN:
+      string_id = -1;
+      break;

[wtc, 2011/07/07 02:22:50]

With this SEC_OID_UNKNOWN case alone, the certificate viewer
shows:
OID.2.5.4.15 = Business Entity
OID.1.3.6.1.4.1.311.60.2.1.3 = ES

which is a big improvement.  Although not required, it is
a good safety net in case we regress in the future.

 
     // There are a billionty other OIDs we could add here.  I tried to get the
     // important ones...
     default:
       if (oid_tag == ms_cert_ext_certtype)
         string_id = IDS_CERT_EXT_MS_CERT_TYPE;
       else if (oid_tag == ms_certsrv_ca_version)
         string_id = IDS_CERT_EXT_MS_CA_VERSION;
       else if (oid_tag == ms_nt_principal_name)
         string_id = IDS_CERT_EXT_MS_NT_PRINCIPAL_NAME;
@@ skipping 22 matching lines @@
       else if (oid_tag == eku_ms_document_signing)
         string_id = IDS_CERT_EKU_MS_DOCUMENT_SIGNING;
       else if (oid_tag == eku_ms_lifetime_signing)
         string_id = IDS_CERT_EKU_MS_LIFETIME_SIGNING;
       else if (oid_tag == eku_ms_smart_card_logon)
         string_id = IDS_CERT_EKU_MS_SMART_CARD_LOGON;
       else if (oid_tag == eku_ms_key_recovery_agent)
         string_id = IDS_CERT_EKU_MS_KEY_RECOVERY_AGENT;
       else if (oid_tag == eku_netscape_international_step_up)
         string_id = IDS_CERT_EKU_NETSCAPE_INTERNATIONAL_STEP_UP;
+      else if (oid_tag == cert_attribute_business_category)
+        string_id = IDS_CERT_OID_BUSINESS_CATEGORY;
+      else if (oid_tag == cert_attribute_ev_incorporation_country)
+        string_id = IDS_CERT_OID_EV_INCORPORATION_COUNTRY;
       else
         string_id = -1;
       break;
   }
   if (string_id >= 0)
     return l10n_util::GetStringUTF8(string_id);
 
   return DumpOidString(oid);
 }
 
@@ skipping 669 matching lines @@
   if (trust.HasAnyCA())
     return net::CA_CERT;
   if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
     return net::SERVER_CERT;
   if (CERT_IsCACert(cert, NULL))
     return net::CA_CERT;
   return net::UNKNOWN_CERT;
 }
 
 }  // namespace mozilla_security_manager