Closed Bug 1404939 Opened 7 years ago Closed 3 years ago

Modify CertBlocklistService to allow storage of intermediate whitelist entries

Categories

(Core :: Security: PSM, enhancement, P3)

Tracking

RESOLVED DUPLICATE of bug 1603834
Tracking Status
firefox57 --- wontfix

People

(Reporter: mgoodwin, Assigned: mgoodwin)

Details

(Whiteboard: [psm-assigned])

The naming is kind of blocklist specific - also, we need to support a third list to allow us to list the subject and public key hash pairs for the whitelisted intermediates.
Probably this will look something like this:

1) Rename nsICertBlocklist and CertBlocklist(.h/.cpp) to nsICertificateList and CertificateList(.h/.cpp)
2) Modify the interfaces to:
  a) rename AddRevokedCert* to AddCertificate*
  b) add a param so the list is specified; e.g. "revocations" for blocklist entries, "intermediates" for disclosed intermediates
3) Rename IsCertRevoked to IsCertIncluded, add a param to specify the list to be checked ("revocations", "intermediates").
4) Rename BlocklistTable, BlocklistItemKey, BlocklistStringSet to CertList*
5) Have a map of lists (revocations, intermediates) to CertListTable instances (formerly BlocklistTable)
Priority: -- → P1
Whiteboard: [psm-assigned]
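
A sketch of the map-of-lists design proposed in the description, added here as an illustration; it is not code from the bug, from PSM, or from cert_storage. It uses standard containers in place of Mozilla types, and `AddCertificate`, `Lookup` and `UnknownList` are assumed names. Because "included" means opposite things for "revocations" and "intermediates", the lookup reports an unknown list name as its own result instead of folding it into "not included".

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>

// Hypothetical stand-in for the proposed CertListTable: (subject, key hash) pairs.
class CertListTable {
 public:
  void Add(const std::string& subject, const std::string& pubKeyHash) {
    mEntries.insert(std::make_pair(subject, pubKeyHash));
  }
  bool Contains(const std::string& subject, const std::string& pubKeyHash) const {
    return mEntries.count(std::make_pair(subject, pubKeyHash)) != 0;
  }
 private:
  std::set<std::pair<std::string, std::string>> mEntries;
};
// Tri-state result so a misspelled list name is never read as "not included".
enum class Lookup { Included, NotIncluded, UnknownList };

// Hypothetical CertificateList: a fixed map of list name to table.
class CertificateList {
 public:
  CertificateList() {
    mLists["revocations"];    // blocklist entries
    mLists["intermediates"];  // disclosed (whitelisted) intermediates
  }
  // Rejects unknown list names rather than creating a new list on the fly.
  bool AddCertificate(const std::string& list, const std::string& subject,
                      const std::string& pubKeyHash) {
    auto it = mLists.find(list);
    if (it == mLists.end()) return false;
    it->second.Add(subject, pubKeyHash);
    return true;
  }
  Lookup IsCertIncluded(const std::string& list, const std::string& subject,
                        const std::string& pubKeyHash) const {
    auto it = mLists.find(list);
    if (it == mLists.end()) return Lookup::UnknownList;
    return it->second.Contains(subject, pubKeyHash) ? Lookup::Included : Lookup::NotIncluded;
  }
 private:
  std::map<std::string, CertListTable> mLists;
};

int main() {
  CertificateList lists;  // sample values below are constructed placeholders
  lists.AddCertificate("intermediates", "subject", "spki-hash");
  return lists.IsCertIncluded("revocations", "subject", "spki-hash") == Lookup::NotIncluded ? 0 : 1;
}
```
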
Moving to p3 because no activity for at least 24 weeks.
Priority: P1 → P3
No longer blocks: 1404934
Depends on: 1404934

cert_storage took care of this.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE