Closed Bug 1071308 Opened 10 years ago Closed 10 years ago

remove the libpkix-style chain validation callback from CertVerifier

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla35

People

(Reporter: keeler, Assigned: keeler)

Details

Attachments

(2 files, 1 obsolete file)

patch 1/2: some cleanup
8.99 KB, patch
cviecco
: review+
Details | Diff | Splinter Review
patch 2/2: remove callback v2
29.67 KB, patch
keeler
: review+
Details | Diff | Splinter Review 
Currently we use a CERTChainVerifyCallback structure to pass around information needed to implement pinning checks in CertVerifier/NSSCertDBTrustDomain. This is an unnecessary legacy setup we can get rid of to simplify the implementation.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED

        Attachment #8493424 -
        Flags: review?(cviecco)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch 2/2: remove callback (obsolete)
        — Splinter Review
      

    


  

        Attachment #8493426 -
        Flags: review?(cviecco)

    
    

    
  
Comment on attachment 8493426 [details] [diff] [review]
patch 2/2: remove callback

Review of attachment 8493426 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/certverifier/CertVerifier.cpp
@@ +81,5 @@
>    return SECSuccess;
>  }
>  
> +Result
> +CertListContainsExpectedKeys(const CERTCertList* certList,

my only complain is about this name. I would have called it doPinningChecks (as it it related only to pinning) btw dont you need to declare this in the ".h" so that  NSSCertDBTrustDomain.cpp can access it?

        Attachment #8493426 -
        Flags: review?(cviecco) → review+

        Attachment #8493424 -
        Flags: review?(cviecco) → review+

    
    

    
  


  
Thanks for the reviews. I kept the name as-is since I think it describes that function's purpose better.

https://tbpl.mozilla.org/?tree=Try&rev=f919d653e95a

        Attachment #8493426 -
        Attachment is obsolete: true

        Attachment #8495417 -
        Flags: review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/9dc5491eb546
https://hg.mozilla.org/mozilla-central/rev/4f90b7fb1918
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla35

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: