Open Bug 1316070 Opened 9 years ago Updated 3 years ago

improve RememberCertErrorsTable API and related machinery

Categories

(Core :: Security: PSM, defect, P3)

Tracking

Tracking Status
firefox52 --- affected

People

(Reporter: keeler, Unassigned)

Details

(Whiteboard: [psm-cleanup])

The way RememberCertErrorsTable works is confusing in multiple ways. First, to note that there is a user-added override on a particular connection, the AuthCertificate hook calls SetStatusErrorBits on the TransportSecurityInfo, which then calls RememberCertErrorsTable::GetInstance().RememberCertHasError. However, to note that verification succeeded without an error override, the AuthCertificate hook calls RememberCertErrorsTable::GetInstance().RememberCertHasError directly. This is confusing both because it's asymmetrical and because in this case the certificate actually doesn't have an error. LookupCertErrorBits could also be more clear in terms of what it does and what it modifies (i.e. the sslStatus is the modified parameter).
Severity: normal → S3