Closed Bug 1031946 Opened 10 years ago Closed 10 years ago

Add SEC_ERROR_BAD_KEY_SIZE error code

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: Cykesiopka, Unassigned)

References

Details

Attachments

(1 file)

This is mainly so that the code from Bug 360126 can report a more accurate error message.
I'm not sure on the exact wording - suggestions welcome...
Assignee: nobody → cykesiopka.bmo
Status: NEW → ASSIGNED
Attachment #8447766 - Flags: review?(ryan.sleevi)
Comment on attachment 8447766 [details] [diff] [review] bug1031946_v1.patch Review of attachment 8447766 [details] [diff] [review]: ----------------------------------------------------------------- I'm going to punt this to Brian here. I'm not entirely sure that putting it here in NSS will be the best, if this gets deferred to the application. My initial reaction is, if it belongs in NSS, "SEC_ERROR_INADEQUATE_KEY_SIZE", to reflect the key usage. Alternatively, SEC_ERROR_CERT_KEY_SIZE_DISABLED, to reflect the SIGNATURE_ALGORITHM_DISABLED policy setting. That is, assuming we will have a flag to allow such legacy keys (presumably, Red Hat will want such a flag, even if it's off by default).
Attachment #8447766 - Flags: review?(ryan.sleevi)
Attachment #8447766 - Flags: review?(brian)
Attachment #8447766 - Flags: feedback?(rrelyea)
Comment on attachment 8447766 [details] [diff] [review] bug1031946_v1.patch f+ I like the idea of adding this new error. I agree with ryan that maybe having a couple of more specific errors would better. bob
Attachment #8447766 - Flags: feedback?(rrelyea) → feedback+
Comment on attachment 8447766 [details] [diff] [review] bug1031946_v1.patch Review of attachment 8447766 [details] [diff] [review]: ----------------------------------------------------------------- As far as the process goes, I think it might be better to start off with add the new error code(s) only in Gecko like was done for the key pinning violation error code, and then bring them into NSS after they've been shown to work well in Gecko, because once we add something in NSS it is very difficult to change it due to backward compatibility concerns. Recently, I made it pretty convenient to add new cert verification error codes to mozilla::pkix; see bug 1039064. Whether or not any error codes are added to NSS should be decided by Bob and the rest of the pepole working on NSS.
Attachment #8447766 - Flags: review?(brian)
(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #4) > As far as the process goes, I think it might be better to start off with add > the new error code(s) only in Gecko like was done for the key pinning > violation error code, and then bring them into NSS after they've been shown > to work well in Gecko, because once we add something in NSS it is very > difficult to change it due to backward compatibility concerns. Recently, I > made it pretty convenient to add new cert verification error codes to > mozilla::pkix; see bug 1039064. Sure. I'll file a new bug for this. > Whether or not any error codes are added to NSS should be decided by Bob and > the rest of the pepole working on NSS. Ok. I'll mark this bug as invalid for now.
Assignee: cykesiopka.bmo → nobody
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
See Also: → 1052257
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: