Closed Bug 1325035 Opened 4 years ago Closed 4 years ago

Store server certificates more efficiently

Categories

(NSS :: Libraries, defect)

3.29
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mt, Assigned: mt)


We currently create multiple copies of server certificates, one for each authentication type.  This is inefficient and leads to lots of funky code.

As part of doing this, I realized that our use of RSA keys for tickets is terrible, so I made a new function that lets a user explicitly set a key pair for use in ticket key wrapping.  If this isn't set, then the last RSA key that was configured is used.

Eventually, we want to switch to explicit keys for wrapping of all session resumption keys, but the other code is a horror show.  I touched that a little with this patch, but I didn't embark on major surgery.  Maybe my next patch will be to use the new ticket wrapping key pair instead of the current mess (bug 1248320).

OK, so the session ticket handling stuff is the major piece here.  The commit message reflects that.  I can maybe separate the two, but they are fairly tightly coupled.

https://nss-review.dev.mozaws.net/D127
Assignee: nobody → martin.thomson
https://hg.mozilla.org/projects/nss/rev/11048f8387bba05cc28857baaef57de1ed963803
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.30