Closed Bug 1449060 Opened 2 years ago Closed 2 years ago

remove some OIDs/processing from the certificate viewer that don't affect certificate verification

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla61
Tracking Status
firefox61 --- fixed

People

(Reporter: keeler, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

We have some dynamically-added OIDs in the certificate viewer code that don't serve any useful purpose. They correspond to some extensions that have no effect on certificate verification (unless they're marked critical, in which case the certificate would be rejected like any other unknown extension). We should just remove them and simplify this code.
Assignee: nobody → dkeeler
Comment on attachment 8962552 [details]
bug 1449060 - remove some dynamic OIDs from the certificate viewer that don't serve any purpose

https://reviewboard.mozilla.org/r/231354/#review236960

+1 for removing code

::: security/manager/ssl/nsNSSCertHelper.cpp
(Diff revision 1)
>  #include "prerror.h"
>  #include "secder.h"
>  
>  using namespace mozilla;
>  
> -/* Object Identifier constants */

Looking at the bug that added these the code is here so we can display the extensions. I presume we won't be able to display them after this change? But the extensions don't look widespread so that this shouldn't be an issue.
Attachment #8962552 - Flags: review?(franziskuskiefer) → review+
Comment on attachment 8962552 [details]
bug 1449060 - remove some dynamic OIDs from the certificate viewer that don't serve any purpose

https://reviewboard.mozilla.org/r/231354/#review236960

> Looking at the bug that added these the code is here so we can display the extensions. I presume we won't be able to display them after this change? But the extensions don't look widespread so that this shouldn't be an issue.

More or less. We won't be able to display them in the specially-formatted way they are now - it'll just be a hexdump, basically. Since they don't affect verification, I don't see a point in supporting them in the certificate viewer.
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5a39db181e6a
remove some dynamic OIDs from the certificate viewer that don't serve any purpose r=fkiefer
https://hg.mozilla.org/mozilla-central/rev/5a39db181e6a
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.