Closed Bug 1019771 Opened 6 years ago Closed 6 years ago
[TRACKING] Remove CERTCertificate dependencies from pkixocsp (mozilla::pkix::Verify
Encoded OCSPResponse and mozilla::pkix::Create Encoded OCSPRequest)
We discussed before the idea of doing all certificate processing (except for trust DB access) within mozilla::pkix and not relying on the CERTCertificate-based code in NSS that we don't understand very well and that is difficult to maintain. The first step is removing the CERTCertificate dependencies from VerifyEncodedOCSPResponse. VerifyEncodedOCSPResponse doesn't depend on name constraint processing or path building so it should be easier to do VerifyEncodedOCSPResponse before attempting to do the same for BuildCertChain. (Also, BuildCertChain indirectly depends on VerifyEncodedOCSPResponse).
Depends on: 1019814
Depends on: 1020683
Assignee: nobody → brian
Target Milestone: --- → mozilla33
Depends on: 1026261
Depends on: 1029247
All this work is done. Now you can do OCSP stuff without ever constructing a CERTCertificate.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Summary: [TRACKING] Remove CERTCertificate dependencies from mozilla::pkix::VerifyEncodedOCSPResponse → [TRACKING] Remove CERTCertificate dependencies from pkixocsp (mozilla::pkix::VerifyEncodedOCSPResponse and mozilla::pkix::CreateEncodedOCSPRequest)
You need to log in before you can comment on or make changes to this bug.