Closed Bug 1519492 Opened 6 years ago Closed 6 years ago

reorganize NSSCertDBTrustDomain::FindIssuer to facilitate bug 1514118

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox66 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

bug 1519492 - reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r?jcj
47 bytes, text/x-phabricator-request
Details | Review

The architecture of NSSCertDBTrustDomain::FindIssuer (that it uses a CERTCertList and iterates over the candidates twice) makes it a bit harder than it should be to mix in additional certificates from other sources (essentially, bug 1514118). We can reorganize it to ease future improvements.

Before this patch, NSSCertDBTrustDomain::FindIssuer would iterate over its candidate list (a CERTCertList) twice. This would have made it difficult to add in candidate issuers from other sources (see e.g. bug 1514118, wherein the goal is to bypass NSS' view of what certificates exist to facilitate third party/enterprise roots). This patch reorganizes this function to make future improvements easier.
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7c4644640936 reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r=jcj

https://hg.mozilla.org/mozilla-central/rev/7c4644640936

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: