Closed Bug 1019771 Opened 6 years ago Closed 6 years ago

[TRACKING] Remove CERTCertificate dependencies from pkixocsp (mozilla::pkix::VerifyEncodedOCSPResponse and mozilla::pkix::CreateEncodedOCSPRequest)

Categories

(Core :: Security: PSM, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
mozilla33

People

(Reporter: briansmith, Assigned: briansmith)

References

Details

We discussed before the idea of doing all certificate processing (except for trust DB access) within mozilla::pkix and not relying on the CERTCertificate-based code in NSS that we don't understand very well and that is difficult to maintain.

The first step is removing the CERTCertificate dependencies from VerifyEncodedOCSPResponse. VerifyEncodedOCSPResponse doesn't depend on name constraint processing or path building so it should be easier to do VerifyEncodedOCSPResponse before attempting to do the same for BuildCertChain. (Also, BuildCertChain indirectly depends on VerifyEncodedOCSPResponse).
Assignee: nobody → brian
Target Milestone: --- → mozilla33
All this work is done. Now you can do OCSP stuff without ever constructing a CERTCertificate.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Summary: [TRACKING] Remove CERTCertificate dependencies from mozilla::pkix::VerifyEncodedOCSPResponse → [TRACKING] Remove CERTCertificate dependencies from pkixocsp (mozilla::pkix::VerifyEncodedOCSPResponse and mozilla::pkix::CreateEncodedOCSPRequest)
You need to log in before you can comment on or make changes to this bug.