Closed Bug 1530545 Opened 5 years ago Closed 5 years ago

Store Preloaded Intermediates in cert_storage

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Version:
66 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox68 --- fixed

People

(Reporter: jcj, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

bug 1530545 - store preloaded intermediates in cert_storage r?mgoodwin
47 bytes, text/x-phabricator-request
Details | Review

Intermediate Preloading in Bug 657228 stores the downloaded CAs in NSS' DB, which has some performance issues. The new Rust cert_storage module is much faster, and since CA cert lookups are in a hot-path for all TLS connections, we should prefer the new module.

This updates cert_storage to be able to store certificates indexed by subject DN
for easy lookup by NSSCertDBTrustDomain during path building. This also updates
RemoteSecuritySettings to store newly-downloaded preloaded intermediates in
cert_storage.

Assignee: nobody → dkeeler
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/70463f459a9c
store preloaded intermediates in cert_storage r=mgoodwin,myk

https://hg.mozilla.org/mozilla-central/rev/70463f459a9c

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: