remove the libpkix-style chain validation callback from CertVerifier

RESOLVED FIXED in mozilla35

Status

()

Core
Security: PSM
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: keeler, Assigned: keeler)

Tracking

unspecified
mozilla35
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Assignee)

Description

4 years ago
Currently we use a CERTChainVerifyCallback structure to pass around information needed to implement pinning checks in CertVerifier/NSSCertDBTrustDomain. This is an unnecessary legacy setup we can get rid of to simplify the implementation.
(Assignee)

Comment 1

4 years ago
Created attachment 8493424 [details] [diff] [review]
patch 1/2: some cleanup
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8493424 - Flags: review?(cviecco)
(Assignee)

Comment 2

4 years ago
Created attachment 8493426 [details] [diff] [review]
patch 2/2: remove callback
Attachment #8493426 - Flags: review?(cviecco)
Comment on attachment 8493426 [details] [diff] [review]
patch 2/2: remove callback

Review of attachment 8493426 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/certverifier/CertVerifier.cpp
@@ +81,5 @@
>    return SECSuccess;
>  }
>  
> +Result
> +CertListContainsExpectedKeys(const CERTCertList* certList,

my only complain is about this name. I would have called it doPinningChecks (as it it related only to pinning) btw dont you need to declare this in the ".h" so that  NSSCertDBTrustDomain.cpp can access it?
Attachment #8493426 - Flags: review?(cviecco) → review+
Attachment #8493424 - Flags: review?(cviecco) → review+
(Assignee)

Comment 4

4 years ago
Created attachment 8495417 [details] [diff] [review]
patch 2/2: remove callback v2

Thanks for the reviews. I kept the name as-is since I think it describes that function's purpose better.

https://tbpl.mozilla.org/?tree=Try&rev=f919d653e95a
Attachment #8493426 - Attachment is obsolete: true
Attachment #8495417 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/9dc5491eb546
https://hg.mozilla.org/mozilla-central/rev/4f90b7fb1918
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
You need to log in before you can comment on or make changes to this bug.