Closed Bug 1071308 Opened 11 years ago Closed 11 years ago

remove the libpkix-style chain validation callback from CertVerifier

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla35

People

(Reporter: keeler, Assigned: keeler)

Details

Attachments

(2 files, 1 obsolete file)

patch 1/2: some cleanup 11 years ago Dana Keeler (she/her) [:keeler] 8.99 KB, patch	cviecco : review+	Details \| Diff \| Splinter Review
patch 2/2: remove callback 11 years ago Dana Keeler (she/her) [:keeler] 29.04 KB, patch	cviecco : review+	Details \| Diff \| Splinter Review
patch 2/2: remove callback v2 11 years ago Dana Keeler (she/her) [:keeler] 29.67 KB, patch	keeler : review+	Details \| Diff \| Splinter Review

Dana Keeler (she/her) [:keeler]

Assignee

Description

•

11 years ago

Currently we use a CERTChainVerifyCallback structure to pass around information needed to implement pinning checks in CertVerifier/NSSCertDBTrustDomain. This is an unnecessary legacy setup we can get rid of to simplify the implementation.

Dana Keeler (she/her) [:keeler]

Assignee

Comment 1

•

11 years ago

Attached patch patch 1/2: some cleanup — Details — Splinter Review

Assignee: nobody → dkeeler

Status: NEW → ASSIGNED

Attachment #8493424 - Flags: review?(cviecco)

Dana Keeler (she/her) [:keeler]

Assignee

Comment 2

•

11 years ago

Attached patch patch 2/2: remove callback (obsolete) — Details — Splinter Review

Attachment #8493426 - Flags: review?(cviecco)

Camilo Viecco (:cviecco)

Comment 3

•

11 years ago

Comment on attachment 8493426 [details] [diff] [review] patch 2/2: remove callback Review of attachment 8493426 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/certverifier/CertVerifier.cpp @@ +81,5 @@ > return SECSuccess; > } > > +Result > +CertListContainsExpectedKeys(const CERTCertList* certList, my only complain is about this name. I would have called it doPinningChecks (as it it related only to pinning) btw dont you need to declare this in the ".h" so that NSSCertDBTrustDomain.cpp can access it?

Attachment #8493426 - Flags: review?(cviecco) → review+

Camilo Viecco (:cviecco)

Updated

•

11 years ago

Attachment #8493424 - Flags: review?(cviecco) → review+

Dana Keeler (she/her) [:keeler]

Assignee

Comment 4

•

11 years ago

Attached patch patch 2/2: remove callback v2 — Details — Splinter Review

Thanks for the reviews. I kept the name as-is since I think it describes that function's purpose better. https://tbpl.mozilla.org/?tree=Try&rev=f919d653e95a

Attachment #8493426 - Attachment is obsolete: true

Attachment #8495417 - Flags: review+

Dana Keeler (she/her) [:keeler]

Assignee

Comment 5

•

11 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/9dc5491eb546 https://hg.mozilla.org/integration/mozilla-inbound/rev/4f90b7fb1918

Ryan VanderMeulen [:RyanVM]

Comment 6

•

11 years ago

https://hg.mozilla.org/mozilla-central/rev/9dc5491eb546 https://hg.mozilla.org/mozilla-central/rev/4f90b7fb1918

Status: ASSIGNED → RESOLVED

Closed: 11 years ago

Flags: in-testsuite+

Resolution: --- → FIXED

Target Milestone: --- → mozilla35

You need to log in before you can comment on or make changes to this bug.

Bugzilla

remove the libpkix-style chain validation callback from CertVerifier

Categories

(Core :: Security: PSM, defect)

Tracking

()

People

(Reporter: keeler, Assigned: keeler)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files, 1 obsolete file)

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type