Closed Bug 187629 Opened 22 years ago Closed 22 years ago

cached certs are forced updated wantonly

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugz, Assigned: bugz)

Details

Attachments

(1 file, 1 obsolete file)

rev 2
2.24 KB, patch
wtc
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review 
When searching a trust domain (set of tokens) for certs, NSS first puts all
matching certs from the cache into a collection.  Then, each matching cert
instance from a token is added to the collection.  When multiple instances of
the same cert are detected,  NSS forces a refresh of the CERTCertificate.

However, this also occurs when the same instance of a cached cert is detected. 
There is no need to refresh in this case, as we have just located the cached
instance we already knew about.

This has a side effect of not allowing the value of cert->trust to be set
temporarily, as the refresh constantly overwrites that value.
Attached patch suggested patch (obsolete) — Splinter Review 

    
    

    
  
This patch makes it so that the trust is preserved, but I'm seeing *tons* of run
time asserts in PR_Calloc and PR_Free calls which leads me to believe something
funky may be happening with memory allocation/freeing as a result of this patch.

    
  
Priority: -- → P1
Target Milestone: --- → 3.7.1

    
    

    
  

      
      
      
      

        Attached patch
          
          
        rev 2Splinter Review
      

    


  
That's what you get for asking for a patch late on Friday afternoon :)

There was something very obviously wrong with the last patch that I didn't see
before.  This patch implements the same idea, but (hopefully) correctly.  I
don't have a test case though.

        Attachment #110623 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 110774 [details] [diff] [review]
rev 2

r=wtc.

It seems clearer to rename the 'foundIt' parameter
'newInstance' (and reverse the true/false sense) or
'alreadyInCollection'.

Javi, could you test this patch?

Bob, could you review this patch, too?

        Attachment #110774 -
        Flags: superreview?(relyea)

        Attachment #110774 -
        Flags: review+

    
    

    
  
the latest patch preserves the trust bits without throwing up all those
Assertions from within the memory allocator module.

    
    

    
  
Comment on attachment 110774 [details] [diff] [review]
rev 2

It looks OK, though I would like to make sure it doesn't break smart cards
before we officially bless it.

        Attachment #110774 -
        Flags: superreview?(relyea) → superreview+

    
    

    
  
I just tested Ian's patch with a smart card with Bob
looking over my shoulder.

Ian, please go ahead and check in your patch on the
trunk.  After it passes QA on all platforms, we will
check it in on the NSS_3_7_BRANCH.

    
    

    
  
Patch rev 2 checked into the tip and NSS_3_7_BRANCH of NSS.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: