Open
Bug 170836
Opened 22 years ago
Updated 2 years ago
SEC_LookupCrls returns CERTSignedCrl* objects without a slot or object ID
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
NEW
People
(Reporter: julien.pierre, Unassigned)
Details
The CERTSignedCrl* objects returned by the function SEC_LookupCrls do not have a slot pointer set or CK_OBJECT_HANDLE. This means that if you want to do things like deleting one of them, you can't just pass the pointer to SEC_DeletePermCRL. Instead, you need to look it up again, by extracting the DER issuer out of the CERTSignedCrl*, then doing a SEC_FindCrlByName on it to get a second CERTSignedCrl*. This is done for example in PSM currently and I also had to do the same thing in crlutil to implement the -E option that erases all CRLs from the cert database. This double-lookup is very inefficient, particularly in the light of bug #170835 : in this enumeration codepath, the CRL cache is currently not used. So, when you do the second lookup, the CRL ends up being decoded and allocated again. This can be very bad for large CRLs.
Comment 1•21 years ago
|
||
Not returning valid slot pointers and object handles seems like a bug. CRL issues seem like they're P2.
Priority: -- → P2
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
|
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•