Closed
Bug 187629
Opened 22 years ago
Closed 22 years ago
cached certs are forced updated wantonly
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.7.1
People
(Reporter: bugz, Assigned: bugz)
Details
Attachments
(1 file, 1 obsolete file)
2.24 KB,
patch
|
wtc
:
review+
rrelyea
:
superreview+
|
Details | Diff | Splinter Review |
When searching a trust domain (set of tokens) for certs, NSS first puts all matching certs from the cache into a collection. Then, each matching cert instance from a token is added to the collection. When multiple instances of the same cert are detected, NSS forces a refresh of the CERTCertificate. However, this also occurs when the same instance of a cached cert is detected. There is no need to refresh in this case, as we have just located the cached instance we already knew about. This has a side effect of not allowing the value of cert->trust to be set temporarily, as the refresh constantly overwrites that value.
Assignee | ||
Comment 1•22 years ago
|
||
Comment 2•22 years ago
|
||
This patch makes it so that the trust is preserved, but I'm seeing *tons* of run time asserts in PR_Calloc and PR_Free calls which leads me to believe something funky may be happening with memory allocation/freeing as a result of this patch.
Updated•22 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.7.1
Assignee | ||
Comment 3•22 years ago
|
||
That's what you get for asking for a patch late on Friday afternoon :) There was something very obviously wrong with the last patch that I didn't see before. This patch implements the same idea, but (hopefully) correctly. I don't have a test case though.
Attachment #110623 -
Attachment is obsolete: true
Comment 4•22 years ago
|
||
Comment on attachment 110774 [details] [diff] [review] rev 2 r=wtc. It seems clearer to rename the 'foundIt' parameter 'newInstance' (and reverse the true/false sense) or 'alreadyInCollection'. Javi, could you test this patch? Bob, could you review this patch, too?
Attachment #110774 -
Flags: superreview?(relyea)
Attachment #110774 -
Flags: review+
Comment 5•22 years ago
|
||
the latest patch preserves the trust bits without throwing up all those Assertions from within the memory allocator module.
Comment 6•22 years ago
|
||
Comment on attachment 110774 [details] [diff] [review] rev 2 It looks OK, though I would like to make sure it doesn't break smart cards before we officially bless it.
Attachment #110774 -
Flags: superreview?(relyea) → superreview+
Comment 7•22 years ago
|
||
I just tested Ian's patch with a smart card with Bob looking over my shoulder. Ian, please go ahead and check in your patch on the trunk. After it passes QA on all platforms, we will check it in on the NSS_3_7_BRANCH.
Comment 8•22 years ago
|
||
Patch rev 2 checked into the tip and NSS_3_7_BRANCH of NSS.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•