Closed Bug 114482 Opened 24 years ago Closed 23 years ago

CRL uplodownloader does not start until PSM libraries are loaded

Categories

(Core Graveyard :: Security: UI, enhancement, P4)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
enhancement

Tracking

(Not tracked)

Status:
VERIFIED WONTFIX
Milestone:
Future

People

(Reporter: rangansen, Assigned: rangansen)

Details

This is related to the delayed loading of security libraries. CRL update timers are started when nsNSSComponent is initialized. What happens: ------------- Let's say a user has a crl that is enabled for autoupdate, and the prefs are such that the crl should get autoupdated when the browser starts up next time. But when he starts up his browser, he never visits any https sites, of security settings - and the security libraries are never loaded, the crl update timer never gets started, and the crl is not updated. What should hapen: ------------------- CRL should get updated, irrespective of whether he visists any https sites/opens his security prefs. Point to note: -------------- 1. This does not imply any added security weakness - because in this case, the behaviour boils down to that of a crl without autoupdate enabled and next-update is in the past, and the cert for such and website would not get validated .. 2. Even if we did not have delayed loading of security libs, or if we started the timer imn the boot module, still we would have the same behaviour if, for example, the startup page would be a https: page, and next update is in the past. However, freequency of the problem would be less. 3. One solution might be to triggers a synchronous update of the crl when we try to validate a cert against it, if a) the crl has auto-update enabled, and b) the next-update is in the past. This would need a lot of change in NSS and PSM.
Target Milestone: --- → Future
Summary: CRL uptodownloader does not start until PSM libraries are loaded → CRL uplodownloader does not start until PSM libraries are loaded
I dispute the "What should happen". This would require the loading of NSS. In the current implementation it would not necessarily prevent a cert to be validated against an old CRL, as it takes time for the timer to fire and for the loading to take place. I also don't think that updating the CRL when it's needed is a good idea either. It would make simple, normally instantanous operation block on the loading. The current behavior is probably good enough. Keeping the bug open to see if we get corroborating user feedback.
Priority: -- → P4
I also think this bug should not be fixed, and suggest to mark it as wontfix. If a user never uses crypto, why bother to load CRLs automatically? If a user actually uses crypto, the timers will become active and the CRLs will get loaded.
Severity: normal → enhancement
Marking wontfix.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WONTFIX
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.