Closed Bug 1519492 Opened 1 year ago Closed 1 year ago

reorganize NSSCertDBTrustDomain::FindIssuer to facilitate bug 1514118

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla66
Tracking Status
firefox66 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

The architecture of NSSCertDBTrustDomain::FindIssuer (that it uses a CERTCertList and iterates over the candidates twice) makes it a bit harder than it should be to mix in additional certificates from other sources (essentially, bug 1514118). We can reorganize it to ease future improvements.

Before this patch, NSSCertDBTrustDomain::FindIssuer would iterate over its
candidate list (a CERTCertList) twice. This would have made it difficult to add
in candidate issuers from other sources (see e.g. bug 1514118, wherein the goal
is to bypass NSS' view of what certificates exist to facilitate third
party/enterprise roots). This patch reorganizes this function to make future
improvements easier.
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7c4644640936
reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r=jcj
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.