Open Bug 135532 Opened 23 years ago Updated 2 years ago

trust domains should contain slots, not tokens

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: bugz, Unassigned)

References

Details

Attachments

(1 file)

change trust domain to use nssSlotList
9.35 KB, patch
Details | Diff | Splinter Review
The last of my structural changes to the 3.4 Stan code. Please see dev/devutil.c for the implementation of nssSlotList. Here is the new trust domain: struct NSSTrustDomainStr { PRInt32 refCount; NSSArena *arena; NSSCallback *defaultCallback; struct { nssSlotList *forCerts; nssSlotList *forCiphers; nssSlotList *forTrust; } slots; nssCertificateCache *cache; }; This next function extracts a snapshot of slots from the trust domain. It will eventually be split into GetSlotsForCerts, GetSlotsForTrust, etc. The slot list orders the slots in the configured order. UpdateLevel is for 4.0 -- it will be used in conjunction with the 4.0 cache to improve searching. For now, it can be ignored. /* XXX */ static NSSSlot ** nssTrustDomain_GetActiveSlots ( NSSTrustDomain *td, nssUpdateLevel *updateLevel ) { /* XXX */ *updateLevel = 1; return nssSlotList_GetSlots(td->slots.forCerts); } Here is a snippet showing a trust domain search in action: slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { goto loser; } numRemaining = maximumOpt; for (slotp = slots; *slotp; slotp++) { token = nssSlot_GetToken(*slotp); if (token) { nssSession *session; nssCryptokiObject **instances; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; session = nssTrustDomain_GetSessionForToken(td, token); if (!session) { nssToken_Destroy(token); goto loser; } instances = nssToken_FindCertificatesBySubject(token, session, subject, tokenOnly, numRemaining, &status);
Fix the summary. Also, in case you didn't guess, nssSlot_GetToken returns NULL if the token is not present.
Summary: trust domains should contain slots, not pointers → trust domains should contain slots, not tokens
here's a patch against the current tip.
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Target NSS 3.5, priority P2. Ian told me that the implementation of nssSlotList is already checked in, and does not show up in the patch. You will have to review it separately, dev/devutil.c.
Priority: -- → P2
Target Milestone: --- → 3.5
Ian, you haven't fixed this, have you?
Target Milestone: 3.5 → 3.7
Yes. In 3.5.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: 3.7 → 3.5
Could you explain how you fixed this? The patch you attached hasn't been checked in. Did you check in a different patch?
*sigh* Good point. I guess this bug dropped off my radar. What the tip currently does is iterate over slots,a s it should. This bug was to have trust domains actually store slots, instead of tokens. I thought that had been done. Instead, the struct NSSTrustDomain shown below is #ifdef'ed out. The nssSlotList described below is not in use. Retargeting for 3.7. It should be a simple matter of turning on the new struct definition, and a couple other small changes (I believe the patch will not apply as-is). But we should make that change early on in 3.7, as a precursor to 4.0 (since 4.0 will use the same definition). This isn't a big miss for 3.6, it's just a minor enhancement.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: 3.5 → 3.7
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: bugz → nobody
Status: REOPENED → NEW
QA Contact: jason.m.reid → libraries
Version: 3.4 → 3.3
See Also: → 1755555
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: