Closed Bug 1530545 Opened 7 months ago Closed 5 months ago

Store Preloaded Intermediates in cert_storage

Categories

(Core :: Security: PSM, enhancement, P1)

66 Branch
enhancement

Tracking

()

RESOLVED FIXED
mozilla68
Tracking Status
firefox68 --- fixed

People

(Reporter: jcj, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Intermediate Preloading in Bug 657228 stores the downloaded CAs in NSS' DB, which has some performance issues. The new Rust cert_storage module is much faster, and since CA cert lookups are in a hot-path for all TLS connections, we should prefer the new module.

This updates cert_storage to be able to store certificates indexed by subject DN
for easy lookup by NSSCertDBTrustDomain during path building. This also updates
RemoteSecuritySettings to store newly-downloaded preloaded intermediates in
cert_storage.

Assignee: nobody → dkeeler
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/70463f459a9c
store preloaded intermediates in cert_storage r=mgoodwin,myk
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Duplicate of this bug: 1539622
You need to log in before you can comment on or make changes to this bug.